CVE-2023-0415Improper Resource Shutdown or Release in Wireshark

CWE-404Improper Resource Shutdown or ReleaseCWE-476NULL Pointer Dereference6 documents6 sources
Severity
6.5MEDIUMNVD
CNA6.3
EPSS
0.2%
top 62.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WiresharkWireshark Foundation Wireshark
Timeline
PublishedJan 26
Latest updateJan 27

Description

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 3.4.16-0+deb11u1+3
NVDwireshark/wireshark3.6.03.6.10+1
CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.11, >=4.0.0, <4.0.3+1

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-m2m7-rw22-r6mp: iSCSI dissector crash in Wireshark 42023-01-26
OSV
CVE-2023-0415: iSCSI dissector crash in Wireshark 42023-01-26
CVEList
CVE-2023-0415: iSCSI dissector crash in Wireshark 42023-01-24

📋Vendor Advisories

2
Red Hat
wireshark: iSCSI dissector crash2023-01-27
Debian
CVE-2023-0415: wireshark - iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows...2023
CVE-2023-0415 — Improper Resource Shutdown or Release | cvebase