CVE-2023-0414: Improper Resource Shutdown or Release in Wireshark

Severity
6.5 MEDIUM (NVD)
CNA: 6.3
EPSS
0.1% (top 70.98%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 26
Latest update: Jan 27

Description

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

Debian: wireshark/wireshark < 4.0.3-1+2
NVD: wireshark/wireshark 4.0.0 to 4.0.2
CVEListV5: wireshark_foundation/wireshark >=4.0.0, <4.0.3

Patches

🔴 Vulnerability Details (3)

OSV
CVE-2023-0414: Crash in the EAP dissector in Wireshark 4 (2023-01-26)
GHSA
GHSA-2ggg-6j2g-7jfc: Crash in the EAP dissector in Wireshark 4 (2023-01-26)
CVEList
CVE-2023-0414: Crash in the EAP dissector in Wireshark 4 (2023-01-24)

📋 Vendor Advisories (2)

Red Hat
wireshark: EAP dissector crash (2023-01-27)
Debian
CVE-2023-0414: wireshark - Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service ... (2023)