CVE-2023-0417
Published on: Not Yet Published
Last Modified on: 02/09/2023 12:16:00 AM UTC
Certain versions of Wireshark from Wireshark contain the following vulnerability:
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file
- CVE-2023-0417 has been assigned by
[email protected] to track the vulnerability - currently rated as MEDIUM severity.
- Affected Vendor/Software:
Wireshark Foundation - Wireshark version >=4.0.0, <4.0.3
- Affected Vendor/Software:
Wireshark Foundation - Wireshark version >=3.6.0, <3.6.11
CVSS3 Score: 6.5 - MEDIUM
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | REQUIRED |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | NONE | NONE | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
[SECURITY] [DLA 3313-1] wireshark security update | lists.debian.org text/html |
![]() |
Fuzz job crash output: fuzz-2022-11-12-7114.pcap (#18628) · Issues · Wireshark Foundation / wireshark · GitLab | gitlab.com text/html |
![]() |
Wireshark · wnpa-sec-2023-02 · NFS dissector memory leak | www.wireshark.org text/html |
![]() |
2023/CVE-2023-0417.json · master · GitLab.org / cves · GitLab | gitlab.com text/html |
![]() |
Related QID Numbers
- 181549 Debian Security Update for wireshark (DLA 3313-1)
- 183569 Debian Security Update for wireshark (CVE-2023-0417)
- 355096 Amazon Linux Security Advisory for wireshark : ALAS2-2023-2040
- 355179 Amazon Linux Security Advisory for wireshark : ALAS2023-2023-120
- 753670 SUSE Enterprise Linux Security Update for wireshark (SUSE-SU-2023:0343-1)
Exploit/POC from Github
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via pac…
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Wireshark | Wireshark | All | All | All | All |
Application | Wireshark | Wireshark | All | All | All | All |
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*:
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2023-0417 : Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial… twitter.com/i/web/status/1… | 2023-01-26 21:49:46 |