Lucene search

[email protected]NVD:CVE-2023-2854

HistoryMay 26, 2023 - 9:15 p.m.

CVE-2023-2854

2023-05-2621:15:17

CWE-787

[email protected]

web.nvd.nist.gov

wireshark

blf file parser

denial of service

vulnerability

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file

Affected configurations

NVD

Node

wiresharkwiresharkRange3.6.0–3.6.14

wiresharkwiresharkRange4.0.0–4.0.6

Node

debiandebian_linuxMatch12.0

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json

gitlab.com/wireshark/wireshark/-/issues/19084

security.gentoo.org/glsa/202309-02

www.debian.org/security/2023/dsa-5429

www.wireshark.org/security/wnpa-sec-2023-17.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

5.8

Confidence

High

EPSS

0.001

Percentile

33.4%

JSON

Related for NVD:CVE-2023-2854

debiancve1 veracode1 ubuntucve1 cvelist1 prion1 osv2 redhatcve1 cve1 kaspersky1 nessus7 rosalinux1 debian1 openvas1 gentoo1