CVE-2023-2854Out-of-bounds Write in Wireshark

CWE-787Out-of-bounds WriteCWE-126Buffer Over-read6 documents6 sources
Severity
6.5MEDIUMNVD
CNA5.3
EPSS
0.1%
top 83.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkWireshark Foundation WiresharkDebian Linux
Timeline
PublishedMay 26

Description

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

NVDwireshark/wireshark3.6.03.6.14+1
Debianwireshark/wireshark< 4.0.6-1~deb12u1+2
CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.14, >=4.0.0, <4.0.6+1

Also affects: Debian Linux 12.0

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
CVEList
CVE-2023-2854: BLF file parser crash in Wireshark 42023-05-26
GHSA
GHSA-wf7c-7cm2-c3g5: BLF file parser crash in Wireshark 42023-05-26
OSV
CVE-2023-2854: BLF file parser crash in Wireshark 42023-05-26

📋Vendor Advisories

2
Red Hat
wireshark: BLF file parser crash2023-05-18
Debian
CVE-2023-2854: wireshark - BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows den...2023
CVE-2023-2854 — Out-of-bounds Write in Wireshark | cvebase