Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202309-02

Gentoo Linux Security Advisory 202309-2 - Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service. Versions greater than or equal to 4.0.6 are affected.

Packet Storm
#vulnerability#web#mac#linux#dos

Gentoo Linux Security Advisory GLSA 202309-02


                                       https://security.gentoo.org/  

Severity: Low
Title: Wireshark: Multiple Vulnerabilities
Date: September 17, 2023
Bugs: #878421, #899548, #904248, #907133
ID: 202309-02


Synopsis

Multiple vulnerabilities have been found in Wireshark, the worst of
which could result in denial of service.

Background

Wireshark is a versatile network protocol analyzer.

Affected packages

Package Vulnerable Unaffected


net-analyzer/wireshark < 4.0.6 >= 4.0.6

Description

Multiple vulnerabilities have been discovered in Wireshark. Please
review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All Wireshark users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=net-analyzer/wireshark-4.0.6”

References

[ 1 ] CVE-2022-3725
https://nvd.nist.gov/vuln/detail/CVE-2022-3725
[ 2 ] CVE-2023-0666
https://nvd.nist.gov/vuln/detail/CVE-2023-0666
[ 3 ] CVE-2023-0667
https://nvd.nist.gov/vuln/detail/CVE-2023-0667
[ 4 ] CVE-2023-0668
https://nvd.nist.gov/vuln/detail/CVE-2023-0668
[ 5 ] CVE-2023-1161
https://nvd.nist.gov/vuln/detail/CVE-2023-1161
[ 6 ] CVE-2023-1992
https://nvd.nist.gov/vuln/detail/CVE-2023-1992
[ 7 ] CVE-2023-1993
https://nvd.nist.gov/vuln/detail/CVE-2023-1993
[ 8 ] CVE-2023-1994
https://nvd.nist.gov/vuln/detail/CVE-2023-1994
[ 9 ] CVE-2023-2854
https://nvd.nist.gov/vuln/detail/CVE-2023-2854
[ 10 ] CVE-2023-2855
https://nvd.nist.gov/vuln/detail/CVE-2023-2855
[ 11 ] CVE-2023-2856
https://nvd.nist.gov/vuln/detail/CVE-2023-2856
[ 12 ] CVE-2023-2857
https://nvd.nist.gov/vuln/detail/CVE-2023-2857
[ 13 ] CVE-2023-2858
https://nvd.nist.gov/vuln/detail/CVE-2023-2858
[ 14 ] CVE-2023-2879
https://nvd.nist.gov/vuln/detail/CVE-2023-2879
[ 15 ] CVE-2023-2952
https://nvd.nist.gov/vuln/detail/CVE-2023-2952
[ 16 ] WNPA-SEC-2022-07
[ 17 ] WNPA-SEC-2023-08
[ 18 ] WNPA-SEC-2023-09
[ 19 ] WNPA-SEC-2023-10
[ 20 ] WNPA-SEC-2023-11

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202309-02

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2023 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

Debian Security Advisory 5429-1

Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.

CVE-2023-0668: CVE-2023-0668 • Austin Hackers Academy

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

CVE-2023-0667: MSMMS parsing buffer overflow (#19086) · Issues · Wireshark Foundation / wireshark · GitLab

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark

CVE-2023-0666: CVE-2023-0666 🤘 • Austin Hackers Academy

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

CVE-2023-2952: 2023/CVE-2023-2952.json · master · GitLab.org / cves · GitLab

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-2855: 2023/CVE-2023-2855.json · master · GitLab.org / cves · GitLab

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2856: 2023/CVE-2023-2856.json · master · GitLab.org / cves · GitLab

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2857: Heap buffer overflow vulnerability in BLF reader (#19063) · Issues · Wireshark Foundation / wireshark · GitLab

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2858: Wireshark • wnpa-sec-2023-15 NetScaler file parser crash

NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2879: Fuzz job crash output: fuzz-2023-05-13-7062.pcap (#19068) · Issues · Wireshark Foundation / wireshark · GitLab

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-1994: 2023/CVE-2023-1994.json · master · GitLab.org / cves · GitLab

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1993: Wireshark • wnpa-sec-2023-10 LISP dissector large loop

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1992: Wireshark • wnpa-sec-2023-09 RPCoRDMA dissector crash

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVE-2023-1161: 2023/CVE-2023-1161.json · master · GitLab.org / cves · GitLab

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

CVE-2022-3725: Stack Overflow Write - OPUS dissector - dissect_opus() frames (#18378) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution