PT-2023-16438 · Wireshark+5
Published: 2023-05-18 · Updated: 2025-01-07
CVE-2023-0666
CVSS v3.1: 6.5 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Wireshark versions 4.0.5 and prior
Description
The issue is due to a failure in validating the length provided by an attacker-crafted RTPS packet, making Wireshark susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Recommendations
For Wireshark versions 4.0.5 and prior, update to a version that includes the fix for this issue to prevent potential code execution.
As a temporary workaround, consider disabling the handling of RTPS packets in Wireshark until a patch is available.
Exploit
Fix
Memory Corruption
Heap Based Buffer Overflow
Related identifiers
Affected products
Alt Linux
Almalinux
Centos
Red Hat
Suse
Wireshark