CVE-2023-4512 – Uncontrolled Recursion in Wireshark
https://notcve.org/view.php?id=CVE-2023-4512
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19144 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ https://www.wireshark.org/security/wnpa-sec-2023-23.html • CWE-674: Uncontrolled Recursion •
CVE-2023-4511 – Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
https://notcve.org/view.php?id=CVE-2023-4511
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19258 https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ https://www.wireshark.org/security/wnpa-sec-2 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2023-3649 – Buffer Over-read in Wireshark
https://notcve.org/view.php?id=CVE-2023-3649
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19164 https://www.wireshark.org/security/wnpa-sec-2023-22.html • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVE-2023-3648 – Mismatched Memory Management Routines in Wireshark
https://notcve.org/view.php?id=CVE-2023-3648
Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file • https://gitlab.com/wireshark/wireshark/-/issues/19105 https://www.wireshark.org/security/wnpa-sec-2023-21.html • CWE-762: Mismatched Memory Management Routines •
CVE-2023-0667 – Wireshark MSMMS parsing buffer overflow
https://notcve.org/view.php?id=CVE-2023-0667
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. • https://gitlab.com/wireshark/wireshark/-/issues/19086 https://security.gentoo.org/glsa/202309-02 https://takeonme.org/cves/CVE-2023-0667.html • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •