DebianDEBIAN:DLA-3313-1:9A313[SECURITY] [DLA 3313-1] wireshark security update
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.8%
Debian LTS Advisory DLA-3313-1 [email protected]
https://www.debian.org/lts/security/ Tobias Frost
February 08, 2023 https://wiki.debian.org/LTS
Package : wireshark
Version : 2.6.20-0+deb10u5
CVE ID : CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413
CVE-2023-0415 CVE-2023-0417
Multiple security vulnerabilities have been discovered in Wireshark, a
network traffic analyzer. An attacker could cause a denial of service
(infinite loop or application crash) via packet injection or a crafted
capture file.
CVE-2022-4345
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via
packet injection or crafted capture file
CVE-2023-0411
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
3.6.0 to 3.6.10 and allows denial of service via packet injection or
crafted capture file
CVE-2023-0412
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
CVE-2023-0413
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
and allows denial of service via packet injection or crafted capture
file
CVE-2023-0415
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10
and allows denial of service via packet injection or crafted capture
file
CVE-2023-0417
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0
to 3.6.10 and allows denial of service via packet injection or crafted
capture file
For Debian 10 buster, these problems have been fixed in version
2.6.20-0+deb10u5.
We recommend that you upgrade your wireshark packages.
For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 10 | amd64 | wireshark-gtk | < 2.6.20-0+deb10u5 | wireshark-gtk_2.6.20-0+deb10u5_amd64.deb |
| Debian | 10 | i386 | libwireshark-dev | < 2.6.20-0+deb10u5 | libwireshark-dev_2.6.20-0+deb10u5_i386.deb |
| Debian | 10 | armhf | libwiretap8 | < 2.6.20-0+deb10u5 | libwiretap8_2.6.20-0+deb10u5_armhf.deb |
| Debian | 10 | arm64 | libwireshark11 | < 2.6.20-0+deb10u5 | libwireshark11_2.6.20-0+deb10u5_arm64.deb |
| Debian | 10 | i386 | wireshark | < 2.6.20-0+deb10u5 | wireshark_2.6.20-0+deb10u5_i386.deb |
| Debian | 10 | i386 | wireshark-common | < 2.6.20-0+deb10u5 | wireshark-common_2.6.20-0+deb10u5_i386.deb |
| Debian | 10 | amd64 | wireshark-qt | < 2.6.20-0+deb10u5 | wireshark-qt_2.6.20-0+deb10u5_amd64.deb |
| Debian | 10 | arm64 | tshark | < 2.6.20-0+deb10u5 | tshark_2.6.20-0+deb10u5_arm64.deb |
| Debian | 10 | armhf | libwscodecs2 | < 2.6.20-0+deb10u5 | libwscodecs2_2.6.20-0+deb10u5_armhf.deb |
| Debian | 10 | arm64 | libwiretap8 | < 2.6.20-0+deb10u5 | libwiretap8_2.6.20-0+deb10u5_arm64.deb |
Related
7.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
7.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
43.8%