MGASA-2023-0275
- Source
- https://advisories.mageia.org/MGASA-2023-0275.html
- Import Source
- https://advisories.mageia.org/MGASA-2023-0275.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2023-0275
- Related
- Published
- 2023-09-30T19:15:40Z
- Modified
- 2023-09-30T17:32:50Z
- Summary
- Updated wireshark packages fix security vulnerabilities
- Details
-
The updated wireshark packages fix security vulnerabilities:
Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. (CVE-2023-2906)
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. (CVE-2023-4511)
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file. (CVE-2023-4512)
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file. (CVE-2023-4513)
- References
-
- https://advisories.mageia.org/MGASA-2023-0275.html
- https://bugs.mageia.org/show_bug.cgi?id=32275
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2906
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4511
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4512
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4513
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:9 / wireshark
Package
- Name
- wireshark
- Purl
- pkg:rpm/mageia/wireshark?distro=mageia-9