Lucene search

K

Veracode Vulnerability DatabaseVERACODE:43075

HistorySep 01, 2023 - 4:04 p.m.

Denial Of Service (DoS)

2023-09-0116:04:46

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

wireshark

denial of service

packet-cp2179.c

cp2179

vulnerability

decoding

packet length

divide by zero

crash

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.4%

wireshark is vulnerable to Denial of Service (DoS) attacks. The vulnerability exists in the packet-cp2179.c file. The file is responsible for decoding CP2179 packets. The vulnerability occurs when the file fails to properly check the length of a packet. This can cause Wireshark to divide by zero, crashing the application.

References

gitlab.com/wireshark/wireshark/-/issues/19229

lists.fedoraproject.org/archives/list/[email protected]/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/

lists.fedoraproject.org/archives/list/[email protected]/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/

lists.fedoraproject.org/archives/list/[email protected]/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/

security-tracker.debian.org/tracker/CVE-2023-2906

takeonme.org/cves/CVE-2023-2906.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

41.4%

Related for VERACODE:43075

alpinelinux1 nessus17 nvd1 debiancve1 redhatcve1 cve1 ubuntucve1 osv3 cvelist1 prion1 cbl_mariner1 mageia1 openvas5 fedora3 photon2 rosalinux1