SB2023021030 - SUSE update for wireshark

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023021030

SB2023021030 - SUSE update for wireshark

Published: February 10, 2023

Security Bulletin ID SB2023021030
Severity
Medium
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2022-4345)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, OpenFlow, and Kafka protocol dissectors. A remote attacker can consume all available system resources and cause denial of service conditions.


2) Infinite loop (CVE-ID: CVE-2023-0411)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, NCP, and RTPS dissectors. A remote attacker can consume all available CPU resources and cause denial of service conditions.


3) Input validation error (CVE-ID: CVE-2023-0412)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the TIPC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


4) Input validation error (CVE-ID: CVE-2023-0413)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the conversation tracking module in Dissection engine. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.


5) Input validation error (CVE-ID: CVE-2023-0415)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iSCSI dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.


6) Input validation error (CVE-ID: CVE-2023-0416)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the GNW dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.


7) Memory leak (CVE-ID: CVE-2023-0417)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the NFS dissector. A remote attacker can force the application to leak memory and perform denial of service attack.


Remediation

Install update from vendor's website.

References