CVE-2023-2855 — Out-of-bounds Write in Wireshark

Severity

6.5MEDIUMNVD

CNA5.3

EPSS

0.1%

top 82.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 26

Description

Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶NVDwireshark/wireshark3.6.0 — 3.6.14+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.14, >=4.0.0, <4.0.6+1

Also affects: Debian Linux 12.0

CVEList

CVE-2023-2855: Candump log parser crash in Wireshark 4↗2023-05-26

▶

GHSA

GHSA-ff83-59jh-6r49: Candump log parser crash in Wireshark 4↗2023-05-26

▶

OSV

CVE-2023-2855: Candump log parser crash in Wireshark 4↗2023-05-26

▶

Red Hat

wireshark: Candump log file parser crash↗2023-05-11

▶

Debian

CVE-2023-2855: wireshark - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows ...↗2023

▶