CVE-2023-0668

Опубликовано: 18 мая 2023

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

A flaw was found in the IEEE C37.118 Synchrophasor dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service.

Отчет

Wireshark as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability because the vulnerable code in the IEEE C37.118 Synchrophasor dissector was introduced in a newer Wireshark version.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 6	wireshark	Out of support scope
Red Hat Enterprise Linux 7	wireshark	Out of support scope
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Fixed	RHSA-2023:6469	07.11.2023

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-125

https://bugzilla.redhat.com/show_bug.cgi?id=2210835wireshark: IEEE C37.118 Synchrophasor dissector crash

EPSS

Процентиль: 69%

0.00625

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-0668

CVSS3: 6.5

ubuntu

около 2 лет назад

CVE-2023-0668

CVSS3: 6.5

nvd

около 2 лет назад

CVE-2023-0668

CVSS3: 6.5

debian

около 2 лет назад

Due to failure in validating the length provided by an attacker-crafte ...

GHSA-4794-8fm9-wmp3

CVSS3: 6.5

github

около 2 лет назад

SUSE-SU-2023:2320-1

suse-cvrf

больше 2 лет назад

Security update for wireshark

EPSS

Процентиль: 69%

0.00625

Низкий

6.5 Medium

CVSS3