Main Vulnerability Database SB2023101649

SB2023101649 - SUSE update for wireshark

Published: October 16, 2023

Security Bulletin ID SB2023101649

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory leak (CVE-ID: CVE-2023-5371)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the RTPS dissector. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20234083-1/

Vulnerable Software

Desktop Applications Module: 15-SP4 - 15-SP5
Basesystem Module: 15-SP4 - 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP4 - SP5
SUSE Linux Enterprise Server 15: SP4 - SP5
SUSE Linux Enterprise Real Time 15: SP4 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP4 - SP5
SUSE Linux Enterprise Desktop 15: SP4 - SP5
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
wireshark-devel: before 3.6.17-150000.3.103.1
wireshark-ui-qt-debuginfo: before 3.6.17-150000.3.103.1
wireshark-ui-qt: before 3.6.17-150000.3.103.1
libwireshark15-debuginfo: before 3.6.17-150000.3.103.1
wireshark-debugsource: before 3.6.17-150000.3.103.1
libwireshark15: before 3.6.17-150000.3.103.1
libwsutil13-debuginfo: before 3.6.17-150000.3.103.1
wireshark-debuginfo: before 3.6.17-150000.3.103.1
libwiretap12-debuginfo: before 3.6.17-150000.3.103.1
libwiretap12: before 3.6.17-150000.3.103.1
libwsutil13: before 3.6.17-150000.3.103.1
wireshark: before 3.6.17-150000.3.103.1