Lucene search

Veracode Vulnerability DatabaseVERACODE:42499

HistoryAug 06, 2023 - 11:22 p.m.

Heap-based Buffer Overflow

2023-08-0623:22:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

wireshark

vulnerability

heap-based buffer overflow

length validation

rtps packet

application crash

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.5%

JSON

wireshark is vulnerable to Heap-based Buffer Overflow. The vulnerability exists due to failure in validating the length provided which allows an attacker to execute arbitrary codes using a crafted RTPS packet causing an application crash.

CPENameOperatorVersion
wireshark:sideq3.4.3-1
wireshark:sideq3.2.8-0.1
wireshark:sideq3.4.3-1
wireshark:sideq3.2.8-0.1

Name	Operator	Version
wireshark:sid	eq	3.4.3-1
wireshark:sid	eq	3.2.8-0.1
wireshark:sid	eq	3.4.3-1
wireshark:sid	eq	3.2.8-0.1

References

gitlab.com/wireshark/wireshark/-/issues/19085

security-tracker.debian.org/tracker/CVE-2023-0666

security.gentoo.org/glsa/202309-02

takeonme.org/cves/CVE-2023-0666.html

www.debian.org/security/2023/dsa-5429

www.wireshark.org/docs/relnotes/wireshark-4.0.6.html

www.wireshark.org/security/wnpa-sec-2023-18.html

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

48.5%

JSON

Related for VERACODE:42499