Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
amazonAmazonALAS-2023-1785
HistoryJul 13, 2023 - 11:57 p.m.

Low: wireshark

2023-07-1323:57:00
alas.aws.amazon.com
13
wireshark
buffer overflow
code execution
cve-2023-0667
update
red hat
mitre
unix

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.1%

JSON

Issue Overview:

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. (CVE-2023-0667)

Affected Packages:

wireshark

Issue Correction:
Run yum update wireshark to update your system.

New Packages:

i686:  
    wireshark-devel-1.8.10-25.24.amzn1.i686  
    wireshark-debuginfo-1.8.10-25.24.amzn1.i686  
    wireshark-1.8.10-25.24.amzn1.i686  
  
src:  
    wireshark-1.8.10-25.24.amzn1.src  
  
x86_64:  
    wireshark-devel-1.8.10-25.24.amzn1.x86_64  
    wireshark-debuginfo-1.8.10-25.24.amzn1.x86_64  
    wireshark-1.8.10-25.24.amzn1.x86_64

Additional References

Red Hat: CVE-2023-0667

Mitre: CVE-2023-0667

Related

nessus 8
cvelist 1
amazon 1
veracode 1
cbl_mariner 1
cve 1
ubuntucve 1
prion 1
nvd 1
debiancve 1
redhatcve 1
osv 2
cnvd 1
photon 1
openvas 2
rosalinux 1
gentoo 1
nessus
nessus
Amazon Linux AMI : wireshark (ALAS-2023-1785)
2023-07-20 00:00:00
Amazon Linux 2 : wireshark (ALAS-2023-2113)
2023-07-20 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2023:3252-1)
2023-08-10 00:00:00
cvelist
cvelist
CVE-2023-0667 Wireshark MSMMS parsing buffer overflow
2023-06-07 02:38:07
amazon
amazon
Low: wireshark
2023-07-05 22:01:00
veracode
veracode
Heap-based Buffer Overflow
2023-08-06 23:22:39
cbl_mariner
cbl_mariner
CVE-2023-0667 affecting package wireshark for versions less than 4.0.8-1
2023-09-28 11:57:58
cve
cve
CVE-2023-0667
2023-06-07 03:15:09
ubuntucve
ubuntucve
CVE-2023-0667
2023-06-07 00:00:00
prion
prion
Heap overflow
2023-06-07 03:15:00
nvd
nvd
CVE-2023-0667
2023-06-07 03:15:09
debiancve
debiancve
CVE-2023-0667
2023-06-07 03:15:09
redhatcve
redhatcve
CVE-2023-0667
2023-08-07 11:48:53
osv
osv
CVE-2023-0667
2023-06-07 03:15:09
wireshark - security update
2023-06-15 00:00:00
cnvd
cnvd
Wireshark Buffer Overflow Vulnerability (CNVD-2023-62286)
2023-06-08 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0620
2023-07-28 00:00:00
openvas
openvas
openSUSE: Security Advisory for wireshark (SUSE-SU-2023:3252-1)
2024-03-04 00:00:00
Debian: Security Advisory (DSA-5429-1)
2023-06-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2388
2024-04-02 07:22:04
gentoo
gentoo
Wireshark: Multiple Vulnerabilities
2023-09-17 00:00:00

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

57.1%

JSON
Related for ALAS-2023-1785
nessus8cvelist1amazon1veracode1cbl_mariner1cve1ubuntucve1prion1nvd1debiancve1redhatcve1osv2cnvd1photon1openvas2rosalinux1gentoo1