Advisory ROSA-SA-2024-2390

Software: wireshark 4.0.10
OS: ROSA-CHROME

package_evr_string: wireshark-4.0.10-1.src.rpm

CVE-ID: CVE-2023-2858
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-2879
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: NetScaler file analyzer failure in Wireshark allows a denial of service via a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-2906
BDU-ID: 2023-05022
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the CP2179 component of the Wireshark computer network traffic analyzer is related to a division by zero error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-2952
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: The XRA dissector infinite loop in Wireshark allows denial of service via packet injection or a created capture file.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-3648
BDU-ID: 2023-05695
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is related to inconsistent memory management. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-3649
BDU-ID: 2023-05696
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark involves reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service
CVE-STATUS: Fixed.
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-4511
BDU-ID: 2023-05711
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-4512
BDU-ID: 2023-05713
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is caused by uncontrolled recursion. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service.
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-4513
BDU-ID: 2023-05712
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the computer network traffic analyzer Wireshark is related to a memory release error. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update wireshark

CVE-ID: CVE-2023-5371
BDU-ID: 2023-06834
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the RTPS dissector of the RTPS computer network traffic analyzer Wireshark is related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update wireshark