CVE-2023-0412 — Improper Resource Shutdown or Release in Wireshark

Severity

7.1HIGHNVD

CNA6.3

EPSS

0.2%

top 56.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedJan 26

Latest updateJan 27

Description

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:HExploitability: 2.8 | Impact: 4.2

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶NVDwireshark/wireshark3.6.0 — 3.6.10+1

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.11, >=4.0.0, <4.0.3+1

Also affects: Debian Linux 10.0

GHSA

GHSA-9c8m-hmqf-mhq2: TIPC dissector crash in Wireshark 4↗2023-01-26

▶

OSV

CVE-2023-0412: TIPC dissector crash in Wireshark 4↗2023-01-26

▶

CVEList

CVE-2023-0412: TIPC dissector crash in Wireshark 4↗2023-01-24

▶

Red Hat

wireshark: TIPC dissector crash↗2023-01-27

▶

Debian

CVE-2023-0412: wireshark - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows ...↗2023

▶