PT-2023-16439 · Wireshark+3 · Wireshark+3

Wanderingglitch +1 · Published 2023-06-04 · Updated 2025-01-06 · CVE-2023-0667

CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.0.5 and prior

Description: The issue arises from a failure to validate the length of an attacker-crafted MSMMS packet, leading to a heap-based buffer overflow. This could result in code execution within the context of the process running the affected software. The issue is particularly relevant in unusual configurations.

Recommendations: For Wireshark versions 4.0.5 and prior, update to a version that addresses this issue to prevent potential heap-based buffer overflow and code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Heap Based Buffer Overflow

Memory Corruption

Weakness Enumeration

Related Identifiers

ALT-PU-2023-1938
ALT-PU-2023-1971
ALT-PU-2023-1976
ALT-PU-2023-5823
ALT-PU-2023-6556
AZL-27144
CVE-2023-0667
DLA-3906-1
DSA-5429-1
OESA-2023-1363
OESA-2023-1371
OESA-2023-1372
OESA-2023-1373
OESA-2023-1374
OPENSUSE-SU-2023_3252-1
OPENSUSE-SU-2024:13014-1
ROSA-SA-2024-2388
SUSE-SU-2023:3252-1
SUSE-SU-2023_3252-1

Affected Products

Alt Linux
Astra Linux
Suse
Wireshark