Lucene search

K

[email protected]NVD:CVE-2023-0668

HistoryJun 07, 2023 - 3:15 a.m.

CVE-2023-0668

2023-06-0703:15:09

CWE-125

CWE-787

[email protected]

web.nvd.nist.gov

wireshark

ieee-c37.118

validation failure

heap-based overflow

code execution

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

Affected configurations

NVD

Node

wiresharkwiresharkRange3.6.0–3.6.14

OR

wiresharkwiresharkRange4.0.0–4.0.6

Node

debiandebian_linuxMatch12.0

References

gitlab.com/wireshark/wireshark/-/issues/19087

security.gentoo.org/glsa/202309-02

takeonme.org/cves/CVE-2023-0668.html

www.debian.org/security/2023/dsa-5429

www.wireshark.org/docs/relnotes/wireshark-4.0.6.html

www.wireshark.org/security/wnpa-sec-2023-19.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

48.3%

Related for NVD:CVE-2023-0668

redhatcve1 osv3 debiancve1 veracode1 cvelist1 cve1 ubuntucve1 prion1 nessus13 redhat1 oraclelinux1 almalinux1 openvas2 kaspersky1 rosalinux1 debian1 gentoo1