CVE-2023-2854

Опубликовано: 18 мая 2023

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

A flaw was found in the BLF file parser of Wireshark. This issue occurs when decoding malformed packets from a PCAP file or the network, causing a buffer over-read, which results in a denial of service.

Отчет

Wireshark, as shipped in Red Hat Enterprise Linux 8 and 9, is not affected by this vulnerability because the BLF file parser was introduced in a newer Wireshark version.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Out of support scope
Red Hat Enterprise Linux 7	wireshark	Out of support scope
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-126

https://bugzilla.redhat.com/show_bug.cgi?id=2210820wireshark: BLF file parser crash

EPSS

Процентиль: 15%

0.00049

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-2854

CVSS3: 5.3

ubuntu

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2854

CVSS3: 5.3

nvd

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2854

CVSS3: 5.3

debian

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...

GHSA-wf7c-7cm2-c3g5

CVSS3: 5.3

github

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

SUSE-SU-2024:3165-1

suse-cvrf

больше 1 года назад

Security update for wireshark

EPSS

Процентиль: 15%

0.00049

Низкий

6.5 Medium

CVSS3