CVE-2023-1161 — Classic Buffer Overflow in Wireshark

CWE-120 — Classic Buffer Overflow CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.1HIGHNVD

CNA6.3

EPSS

0.2%

top 58.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark Debian Linux

Timeline

PublishedMar 6

Description

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:HExploitability: 2.8 | Impact: 4.2

Affected Packages3 packages

▶NVDwireshark/wireshark3.6.0 — 3.6.12+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.12, >=4.0.0, <4.0.4+1

Also affects: Debian Linux 10.0, 12.0

🔴Vulnerability Details

GHSA

GHSA-rf23-mj2w-9g24: ISO 15765 and ISO 10681 dissector crash in Wireshark 4↗2023-03-06

▶

CVEList

CVE-2023-1161: ISO 15765 and ISO 10681 dissector crash in Wireshark 4↗2023-03-06

▶

OSV

CVE-2023-1161: ISO 15765 and ISO 10681 dissector crash in Wireshark 4↗2023-03-06

▶

📋Vendor Advisories

Red Hat

wireshark: ISO 15765 and ISO 10681 dissector crash↗2023-03-04

▶

Debian

CVE-2023-1161: wireshark - ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to...↗2023

▶