CVE-2023-0666 - OpenCVE

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Wireshark	Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

References

Link	Resource
https://gitlab.com/wireshark/wireshark/-/issues/19085	Exploit Issue Tracking
https://security.gentoo.org/glsa/202309-02	Third Party Advisory
https://takeonme.org/cves/CVE-2023-0666.html	Exploit
https://www.debian.org/security/2023/dsa-5429	Third Party Advisory
https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html	Release Notes
https://www.wireshark.org/security/wnpa-sec-2023-18.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AHA

Published: 2023-06-07T02:25:27.974Z

Updated: 2023-06-07T02:42:41.249Z

Reserved: 2023-02-03T22:06:14.542Z

Link: CVE-2023-0666

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-07T03:15:09.000

Modified: 2023-10-20T20:53:33.607

Link: CVE-2023-0666

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0666", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "state": "PUBLISHED", "assignerShortName": "AHA", "dateReserved": "2023-02-03T22:06:14.542Z", "datePublished": "2023-06-07T02:25:27.974Z", "dateUpdated": "2023-06-07T02:42:41.249Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThanOrEqual": "4.0.5", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"status": "unaffected", "version": "4.0.6"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!"}], "datePublic": "2023-05-22T19:04:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}], "value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122: Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2023-06-07T02:42:41.249Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://takeonme.org/cves/CVE-2023-0666.html"}, {"tags": ["issue-tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19085"}, {"tags": ["release-notes"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"tags": ["vendor-advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-18.html"}, {"url": "https://www.debian.org/security/2023/dsa-5429"}, {"url": "https://security.gentoo.org/glsa/202309-02"}], "source": {"discovery": "EXTERNAL"}, "title": "Wireshark RTPS Parsing Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE", "versionEndExcluding": "4.0.6", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}, {"lang": "es", "value": "Debido a un fallo en la validaci\u00f3n de la longitud proporcionada por un atacante de paquetes manipulados RTPS, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de b\u00fafer de pila y posiblemente la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso que ejecuta Wireshark. "}], "id": "CVE-2023-0666", "lastModified": "2023-10-20T20:53:33.607", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-07T03:15:09.000", "references": [{"source": "cve@takeonme.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19085"}, {"source": "cve@takeonme.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202309-02"}, {"source": "cve@takeonme.org", "tags": ["Exploit"], "url": "https://takeonme.org/cves/CVE-2023-0666.html"}, {"source": "cve@takeonme.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5429"}, {"source": "cve@takeonme.org", "tags": ["Release Notes"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"source": "cve@takeonme.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-18.html"}], "sourceIdentifier": "cve@takeonme.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-122"}], "source": "cve@takeonme.org", "type": "Secondary"}]}