CVE-2023-6175

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 3.6.0 through 3.6.18 Wireshark versions 4.0.0 through 4.0.10

Description The issue is related to a NetScreen file parser crash in Wireshark, which can be exploited to cause a denial of service via a crafted capture file. This is due to a buffer overflow operation. The exploitation of this issue may allow an attacker to cause a service disruption.

Recommendations For Wireshark versions 3.6.0 through 3.6.18, update to a version outside of this range to resolve the issue. For Wireshark versions 4.0.0 through 4.0.10, update to a version outside of this range to resolve the issue. As a temporary workaround, consider avoiding the use of crafted capture files that may trigger the NetScreen file parser crash until a patch is available.

Exploit

Fix

DoS

Heap Based Buffer Overflow

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122CWE-119CWE-120

Related Identifiers

AZL-42527

AZL-42552

BDU:2023-08203

CVE-2023-6175

DLA-3746-1

DLA-3906-1

DSA-5559-1

MGASA-2024-0045

OESA-2023-1847

OPENSUSE-SU-2023_4938-1

OPENSUSE-SU-2024:13458-1

OPENSUSE-SU-2024_3165-1

SUSE-SU-2023:4938-1

SUSE-SU-2023_4938-1

SUSE-SU-2024:3165-1

ZDI-24-355

Affected Products

Astra Linux

Red Os

Suse

Wireshark

CVE-2023-6175

Weakness Enumeration

Related Identifiers

Affected Products

References · 59