Lucene search

K
rosalinuxROSA LABROSA-SA-2024-2390
HistoryApr 02, 2024 - 7:35 a.m.

Advisory ROSA-SA-2024-2390

2024-04-0207:35:41
ROSA LAB
abf.rosalinux.ru
10
wireshark
software vulnerability
4.0.10
denial of service
cve-2023-2858
cve-2023-2879
cve-2023-2906
cve-2023-2952
cve-2023-3648
cve-2023-3649
cve-2023-4511
cve-2023-4512
cve-2023-4513
cve-2023-5371
rosa-chrome
rtps dissector
memory management
resource allocation
unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

52.5%

Software: wireshark 4.0.10
OS: ROSA-CHROME

package_evr_string: wireshark-4.0.10-1.src.rpm

CVE-ID: CVE-2023-2858
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-2879
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-2906
BDU-ID: 2023-05022
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the CP2179 component of the Wireshark computer network traffic analyzer is related to a division by zero error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-2952
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The XRA dissector infinite loop in Wireshark allows denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-3648
BDU-ID: 2023-05695
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is related to inconsistent memory management. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-3649
BDU-ID: 2023-05696
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed.
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-4511
BDU-ID: 2023-05711
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-4512
BDU-ID: 2023-05713
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is caused by uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-4513
BDU-ID: 2023-05712
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is related to a memory release error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-5371
BDU-ID: 2023-06834
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the RTPS dissector of the RTPS computer network traffic analyzer Wireshark is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update wireshark

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchwireshark< 4.0.10UNKNOWN

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.8

Confidence

High

EPSS

0.002

Percentile

52.5%