vulnerability
Amazon Linux 2023: CVE-2023-4512: Medium priority package update for wireshark
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Aug 24, 2023 | Feb 17, 2025 | Feb 17, 2025 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Aug 24, 2023
Added
Feb 17, 2025
Modified
Feb 17, 2025
Description
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
A denial of service vulnerability was found in Wireshark due to insufficient validation of user-supplied input in the CBOR protocol dissector. This issue could allow a remote attacker to inject a malformed packet onto the wire or persuade someone to read a corrupted packet trace file. The issue manifests as an uncontrolled recursion loop leading to a stack overflow, resulting in Wireshark crashing.
A denial of service vulnerability was found in Wireshark due to insufficient validation of user-supplied input in the CBOR protocol dissector. This issue could allow a remote attacker to inject a malformed packet onto the wire or persuade someone to read a corrupted packet trace file. The issue manifests as an uncontrolled recursion loop leading to a stack overflow, resulting in Wireshark crashing.
Solution(s)
amazon-linux-2023-upgrade-wireshark-cliamazon-linux-2023-upgrade-wireshark-cli-debuginfoamazon-linux-2023-upgrade-wireshark-debugsourceamazon-linux-2023-upgrade-wireshark-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.