Lucene search

Veracode Vulnerability DatabaseVERACODE:42552

HistoryAug 07, 2023 - 12:55 a.m.

Denial Of Service (DoS)

2023-08-0700:55:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

wireshark

vulnerability

blf file parser

dos

application crash

software

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.4%

JSON

wireshark is vulnerable to Denial Of Service (DoS). The vulnerability exists through the BLF file parser in the library, allowing an attacker to cause an application crash via maliciously crafted file

References

gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json

gitlab.com/wireshark/wireshark/-/issues/19084

security-tracker.debian.org/tracker/CVE-2023-2854

security.gentoo.org/glsa/202309-02

www.debian.org/security/2023/dsa-5429

www.wireshark.org/security/wnpa-sec-2023-17.html

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

33.4%

JSON

Related for VERACODE:42552