Lucene search

K
rosalinuxROSA LABROSA-SA-2023-2257
HistoryOct 21, 2023 - 4:35 p.m.

Advisory ROSA-SA-2023-2257

2023-10-2116:35:46
ROSA LAB
abf.rosalinux.ru
17
wireshark
rosa-chrome
security
denial of service
update
cve-2022-4344
cve-2022-4345
cve-2023-0411
cve-2023-0412
cve-2023-0413
cve-2023-0414
cve-2023-0415
cve-2023-0416
cve-2023-0417
cve-2023-1161
cve-2023-1992
cve-2023-1993

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

48.3%

Software: wireshark 4.0.5
OS: ROSA-CHROME

package_evr_string: wireshark-4.0.5-1.src.rpm

CVE-ID: CVE-2022-4344
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A memory shortage in the Kafka protocol dissector in Wireshark versions 4.0.0.0-4.0.1 and 3.6.0-3.6.9 allows denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2022-4345
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Infinite loops in BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark versions 4.0.0-4.0.1 and 3.6.0-3.6.9 allow denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0411
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Excessive cycles in multiple dissectors in Wireshark 4.0.0.0-4.0.2 and 3.6.0-3.6.10 and allow denial of service via packet injection or created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0411
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Excessive cycles in multiple dissectors in Wireshark 4.0.0.0-4.0.2 and 3.6.0-3.6.10 and allow denial of service via packet injection or created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0412
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: TIPC dissector failure in Wireshark 4.0.0.0-4.0.2 and 3.6.0-3.6.10, allowing a denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0413
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Dissection mechanism bug in Wireshark 4.0.0.0-4.0.2 and 3.6.0-3.6.10 allowing denial of service via packet injection or created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0414
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An EAP dissector failure in Wireshark 4.0.0-4.0.2 allows a denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0415
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: iSCSI dissector failure in Wireshark versions 4.0.0.0-4.0.2 and 3.6.0-3.6.10, allowing a denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0416
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: GNW dissector failure in Wireshark 4.0.0.0-4.0.2 and 3.6.0-3.6.10, allowing denial of service via packet injection or created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-0417
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: Memory leak in the NFS dissector in Wireshark versions 4.0.0 through 4.0.2 and 3.6.0 through 3.6.10 and allows denial of service via packet injection or created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-1161
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: ISO 15765 and ISO 10681 dissector failure in Wireshark versions 4.0.0 through 4.0.3 and 3.6.0 through 3.6.11 allows denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-1992
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Failure of the RPCoRDMA dissector in Wireshark versions 4.0.0 through 4.0.4 and 3.6.0 through 3.6.12 allows a denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-1993
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The large LISP dissector loop in Wireshark versions 4.0.0 through 4.0.4 and 3.6.0 through 3.6.12 allows for denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-1994
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The GQUIC dissector failure in Wireshark versions 4.0.0 through 4.0.4 and 3.6.0 through 3.6.12 allows a denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchwireshark< 4.0.5UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

48.3%