CVE-2023-0417 — Improper Resource Shutdown or Release in Wireshark

CWE-404 — Improper Resource Shutdown or Release CWE-789 — Memory Allocation with Excessive Size Value6 documents6 sources

Severity

6.5MEDIUMNVD

CNA6.3

EPSS

0.1%

top 73.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark

Timeline

PublishedJan 26

Latest updateJan 27

Description

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶NVDwireshark/wireshark3.6.0 — 3.6.10+1

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.11, >=4.0.0, <4.0.3+1

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-w8xx-6h74-h677: Memory leak in the NFS dissector in Wireshark 4↗2023-01-26

▶

OSV

CVE-2023-0417: Memory leak in the NFS dissector in Wireshark 4↗2023-01-26

▶

CVEList

CVE-2023-0417: Memory leak in the NFS dissector in Wireshark 4↗2023-01-24

▶

📋Vendor Advisories

Red Hat

wireshark: NFS dissector memory leak↗2023-01-27

▶

Debian

CVE-2023-0417: wireshark - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10...↗2023

▶