OESA-2023-1094
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1094
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1094.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1094
- Upstream
- Published
- 2023-02-17T11:04:54Z
- Modified
- 2025-08-12T05:14:36.560963Z
- Summary
- wireshark security update
- Details
-
Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging from connection-level information to the bits that make up a single packet. Packet capture can provide a network administrator with information about individual packets such as transmit time, source, destination, protocol type and header data. This information can be useful for evaluating security events and troubleshooting network security device issues.
Security Fix(es):
Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows(CVE-2022-3724)
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file(CVE-2022-4344)
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file(CVE-2022-4345)
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0413)
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0417)
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0415)
Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0411)
TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0412)
GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file(CVE-2023-0416)
- Database specific
{ "severity": "High" }- References
-
- https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1094
- https://nvd.nist.gov/vuln/detail/CVE-2022-3724
- https://nvd.nist.gov/vuln/detail/CVE-2022-4344
- https://nvd.nist.gov/vuln/detail/CVE-2022-4345
- https://nvd.nist.gov/vuln/detail/CVE-2023-0413
- https://nvd.nist.gov/vuln/detail/CVE-2023-0417
- https://nvd.nist.gov/vuln/detail/CVE-2023-0415
- https://nvd.nist.gov/vuln/detail/CVE-2023-0411
- https://nvd.nist.gov/vuln/detail/CVE-2023-0412
- https://nvd.nist.gov/vuln/detail/CVE-2023-0416
Affected packages
openEuler:22.03-LTS / wireshark
Package
- Name
- wireshark
- Purl
- pkg:rpm/openEuler/wireshark&distro=openEuler-22.03-LTS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.6.11-1.oe2203
Ecosystem specific
{
"x86_64": [
"wireshark-debuginfo-3.6.11-1.oe2203.x86_64.rpm",
"wireshark-help-3.6.11-1.oe2203.x86_64.rpm",
"wireshark-debugsource-3.6.11-1.oe2203.x86_64.rpm",
"wireshark-devel-3.6.11-1.oe2203.x86_64.rpm",
"wireshark-3.6.11-1.oe2203.x86_64.rpm"
],
"aarch64": [
"wireshark-help-3.6.11-1.oe2203.aarch64.rpm",
"wireshark-debugsource-3.6.11-1.oe2203.aarch64.rpm",
"wireshark-devel-3.6.11-1.oe2203.aarch64.rpm",
"wireshark-debuginfo-3.6.11-1.oe2203.aarch64.rpm",
"wireshark-3.6.11-1.oe2203.aarch64.rpm"
],
"src": [
"wireshark-3.6.11-1.oe2203.src.rpm"
]
}