OESA-2024-1427

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2024-1427
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2024-1427.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2024-1427
Upstream
Published
2024-04-12T11:07:41Z
Modified
2025-08-12T05:38:21.056710Z
Summary
wireshark security update
Details

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer.

Security Fix(es):

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.(CVE-2023-0666)

Database specific
{
    "severity": "Medium"
}
References

Affected packages

openEuler:20.03-LTS-SP4 / wireshark

Package

Name
wireshark
Purl
pkg:rpm/openEuler/wireshark&distro=openEuler-20.03-LTS-SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.14-7.oe2003sp4

Ecosystem specific

{
    "src": [
        "wireshark-3.6.14-7.oe2003sp4.src.rpm"
    ],
    "x86_64": [
        "wireshark-devel-3.6.14-7.oe2003sp4.x86_64.rpm",
        "wireshark-debuginfo-3.6.14-7.oe2003sp4.x86_64.rpm",
        "wireshark-3.6.14-7.oe2003sp4.x86_64.rpm",
        "wireshark-help-3.6.14-7.oe2003sp4.x86_64.rpm",
        "wireshark-debugsource-3.6.14-7.oe2003sp4.x86_64.rpm"
    ],
    "aarch64": [
        "wireshark-debuginfo-3.6.14-7.oe2003sp4.aarch64.rpm",
        "wireshark-3.6.14-7.oe2003sp4.aarch64.rpm",
        "wireshark-devel-3.6.14-7.oe2003sp4.aarch64.rpm",
        "wireshark-debugsource-3.6.14-7.oe2003sp4.aarch64.rpm",
        "wireshark-help-3.6.14-7.oe2003sp4.aarch64.rpm"
    ]
}