CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-0667 – Wireshark MSMMS parsing buffer overflow
https://notcve.org/view.php?id=CVE-2023-0667
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark Debido a un fallo en la validación de la longitud proporcionada por un atacante en un paquete manipulado MSMMS, Wireshark v4.0.5 y anteriores, en una configuración inusual, es susceptible a un desbordamiento de búfer de pila, y posiblemente a la ejecución de código en el contexto del proceso que ejecuta Wireshark. • https://gitlab.com/wireshark/wireshark/-/issues/19086 https://security.gentoo.org/glsa/202309-02 https://takeonme.org/cves/CVE-2023-0667.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-2952 – wireshark: XRA dissector infinite loop
https://notcve.org/view.php?id=CVE-2023-2952
XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file El bucle infinito del disector XRA en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio mediante la inyección de paquetes o un archivo de captura manipulado A flaw was found in the XRA dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an infinite loop, resulting in a denial of service. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json https://gitlab.com/wireshark/wireshark/-/issues/19100 https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-20.html https://access.redhat.com/security/cve/CVE-2023-2952 https://bugzilla.redhat.com/show_bug.cgi?id=2211406 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2023-2879
https://notcve.org/view.php?id=CVE-2023-2879
GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file GDSDB bucle infinito en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio a través de inyección de paquetes o archivo de captura manipulado • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2879.json https://gitlab.com/wireshark/wireshark/-/issues/19068 https://lists.debian.org/debian-lts-announce/2023/06/msg00004.html https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-14.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-2854
https://notcve.org/view.php?id=CVE-2023-2854
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file El fallo del analizador de archivos BLF en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio a través de un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json https://gitlab.com/wireshark/wireshark/-/issues/19084 https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-17.html • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1CVE-2023-2857
https://notcve.org/view.php?id=CVE-2023-2857
BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file El fallo del analizador de archivos BLF en Wireshark 4.0.0 a 4.0.5 y 3.6.0 a 3.6.13 permite la denegación de servicio a través de un archivo de captura manipulado. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json https://gitlab.com/wireshark/wireshark/-/issues/19063 https://security.gentoo.org/glsa/202309-02 https://www.debian.org/security/2023/dsa-5429 https://www.wireshark.org/security/wnpa-sec-2023-13.html • CWE-787: Out-of-bounds Write •