CVE-2023-2856 — Out-of-bounds Write in Wireshark

Severity

6.5MEDIUMNVD

CNA5.3

EPSS

0.0%

top 87.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 26

Description

VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶NVDwireshark/wireshark3.6.0 — 3.6.14+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.14, >=4.0.0, <4.0.6+1

Also affects: Debian Linux 10.0, 12.0

OSV

CVE-2023-2856: VMS TCPIPtrace file parser crash in Wireshark 4↗2023-05-26

▶

CVEList

CVE-2023-2856: VMS TCPIPtrace file parser crash in Wireshark 4↗2023-05-26

▶

GHSA

GHSA-c9g4-j4fr-ggh2: VMS TCPIPtrace file parser crash in Wireshark 4↗2023-05-26

▶

Red Hat

wireshark: VMS TCPIPtrace file parser crash↗2023-05-18

▶

Debian

CVE-2023-2856: wireshark - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13...↗2023

▶