Kaspersky Threats

Detect date

01/18/2023

Severity

?

High

Description

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

Denial of service vulnerability in EAP dissector can be exploited to cause denial of service.
Denial of service vulnerability in BPv6, NCP, and RTPS dissectors can be exploited to cause denial of service.
Denial of service vulnerability in GNW dissector can be exploited to cause denial of service.
Denial of service vulnerability in TIPC dissector can be exploited to cause denial of service.
Information disclosure vulnerability in NFS dissector can be exploited to obtain sensitive information.
Denial of service vulnerability in iSCSI dissector can be exploited to cause denial of service.
Denial of service vulnerability in Some dissectors can be exploited to cause denial of service.

Affected products

Wireshark 3.6.x earlier than 3.6.11
Wireshark 4.0.x earlier than 4.0.3

Solution

Update to the latest version
Download Wireshark

Original advisories

Wireshark • wnpa-sec-2023-03 Dissection engine crash
Wireshark • wnpa-sec-2023-04 GNW dissector crash
Wireshark • wnpa-sec-2023-01 EAP dissector crash
Wireshark • wnpa-sec-2023-06 Multiple dissector excessive loops
Wireshark • wnpa-sec-2023-05 iSCSI dissector crash
Wireshark • wnpa-sec-2023-02 NFS dissector memory leak
Wireshark • wnpa-sec-2023-07 TIPC dissector crash

Impacts

?

OSI

[?]

DoS

[?]

Detect date	01/18/2023
Severity ?	High
Description	Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: Denial of service vulnerability in EAP dissector can be exploited to cause denial of service. Denial of service vulnerability in BPv6, NCP, and RTPS dissectors can be exploited to cause denial of service. Denial of service vulnerability in GNW dissector can be exploited to cause denial of service. Denial of service vulnerability in TIPC dissector can be exploited to cause denial of service. Information disclosure vulnerability in NFS dissector can be exploited to obtain sensitive information. Denial of service vulnerability in iSCSI dissector can be exploited to cause denial of service. Denial of service vulnerability in Some dissectors can be exploited to cause denial of service.
Affected products	Wireshark 3.6.x earlier than 3.6.11 Wireshark 4.0.x earlier than 4.0.3
Solution	Update to the latest version Download Wireshark
Original advisories	Wireshark • wnpa-sec-2023-03 Dissection engine crash Wireshark • wnpa-sec-2023-04 GNW dissector crash Wireshark • wnpa-sec-2023-01 EAP dissector crash Wireshark • wnpa-sec-2023-06 Multiple dissector excessive loops Wireshark • wnpa-sec-2023-05 iSCSI dissector crash Wireshark • wnpa-sec-2023-02 NFS dissector memory leak Wireshark • wnpa-sec-2023-07 TIPC dissector crash
Impacts ?	OSI [?] DoS [?]
Related products	Wireshark
CVE-IDS ?	CVE-2023-04115.0Warning CVE-2023-04125.0Warning CVE-2023-04135.0Warning CVE-2023-04145.0Warning CVE-2023-04155.0Warning CVE-2023-04165.0Warning CVE-2023-04175.0Warning
	Find out the statistics of the vulnerabilities spreading in your region

KLA61753Multiple vulnerabilities in Wireshark

KLA61753
Multiple vulnerabilities in Wireshark