Lucene search

PRIOn knowledge basePRION:CVE-2023-1994

HistoryApr 12, 2023 - 10:15 p.m.

Design/Logic Flaw

2023-04-1222:15:00

PRIOn knowledge base

www.prio-n.com

wireshark

gquic

dissector

crash

denial of service

packet injection

crafted capture file

nvd

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

41.6%

JSON

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CPENameOperatorVersion
debian_linuxeq10.0
debian_linuxeq12.0
fedoraeq36
fedoraeq37
fedoraeq38
wiresharkge4.0.0
wiresharklt4.0.5
wiresharkge3.6.0
wiresharklt3.6.13

Name	Operator	Version
debian_linux	eq	10.0
debian_linux	eq	12.0
fedora	eq	36
fedora	eq	37
fedora	eq	38
wireshark	ge	4.0.0
wireshark	lt	4.0.5
wireshark	ge	3.6.0
wireshark	lt	3.6.13

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1994.json

gitlab.com/wireshark/wireshark/-/issues/18947

lists.debian.org/debian-lts-announce/2023/04/msg00029.html

lists.fedoraproject.org/archives/list/[email protected]/message/EHLTD25WNQSPQNELX52UH6YLP4TBLKTT/

lists.fedoraproject.org/archives/list/[email protected]/message/FZA7IMATNNQPLIM6WMRPM3T5ZY24NRR2/

lists.fedoraproject.org/archives/list/[email protected]/message/PFJERBHVWYLYWXO2B3V47QH66IEB6EZ3/

security.gentoo.org/glsa/202309-02

www.debian.org/security/2023/dsa-5429

www.wireshark.org/security/wnpa-sec-2023-11.html