CVE-2023-2857

Опубликовано: 11 мая 2023

Источник: redhat

CVSS3: 6.5

EPSS Низкий

Описание

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

A flaw was found in the BLF file parser of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service.

Отчет

Wireshark as shipped in Red Hat Enterprise Linux 8 and 9 is not affected by this vulnerability because the BLF file parser was introduced in a newer Wireshark version.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Out of support scope
Red Hat Enterprise Linux 7	wireshark	Out of support scope
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-120

https://bugzilla.redhat.com/show_bug.cgi?id=2210826wireshark: BLF file parser crash

EPSS

Процентиль: 15%

0.00049

Низкий

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2023-2857

CVSS3: 5.3

ubuntu

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2857

CVSS3: 5.3

nvd

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

CVE-2023-2857

CVSS3: 5.3

debian

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 ...

GHSA-fx88-cqh9-ffwj

CVSS3: 5.3

github

больше 2 лет назад

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

SUSE-SU-2023:2320-1

suse-cvrf

больше 2 лет назад

Security update for wireshark

EPSS

Процентиль: 15%

0.00049

Низкий

6.5 Medium

CVSS3