CVE-2023-0668 - OpenCVE

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Wireshark	Wireshark

Configuration 1 [-]

OR	cpe:2.3:a:wireshark:wireshark::::::::
	cpe:2.3:a:wireshark:wireshark::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*

References

Link	Resource
https://gitlab.com/wireshark/wireshark/-/issues/19087	Exploit Issue Tracking
https://security.gentoo.org/glsa/202309-02	Third Party Advisory
https://takeonme.org/cves/CVE-2023-0668.html	Exploit
https://www.debian.org/security/2023/dsa-5429	Third Party Advisory
https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html	Release Notes
https://www.wireshark.org/security/wnpa-sec-2023-19.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AHA

Published: 2023-06-07T02:32:45.095Z

Updated: 2023-06-08T13:00:53.650Z

Reserved: 2023-02-03T22:08:47.155Z

Link: CVE-2023-0668

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-06-07T03:15:09.193

Modified: 2023-10-20T20:56:32.827

Link: CVE-2023-0668

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-0668", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "state": "PUBLISHED", "assignerShortName": "AHA", "dateReserved": "2023-02-03T22:08:47.155Z", "datePublished": "2023-06-07T02:32:45.095Z", "dateUpdated": "2023-06-08T13:00:53.650Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThanOrEqual": "4.0.5", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"status": "unaffected", "version": "4.0.6"}, {"lessThanOrEqual": "3.6.13", "status": "affected", "version": "3.6.0", "versionType": "semver"}, {"status": "unaffected", "version": "3.6.14"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!"}], "datePublic": "2023-05-22T19:04:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}], "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2023-06-08T13:00:53.650Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://takeonme.org/cves/CVE-2023-0668.html"}, {"tags": ["issue-tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"}, {"tags": ["release-notes"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"tags": ["vendor-advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"}, {"url": "https://www.debian.org/security/2023/dsa-5429"}, {"url": "https://security.gentoo.org/glsa/202309-02"}], "source": {"discovery": "EXTERNAL"}, "title": "Wireshark IEEE-C37.118 parsing buffer overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED49BFD-0350-4790-9D15-35875AEE4F00", "versionEndExcluding": "3.6.14", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE", "versionEndExcluding": "4.0.6", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}, {"lang": "es", "value": "Debido a un fallo en la validaci\u00f3n de la longitud proporcionada por un atacante de paquetes IEEE-C37.118, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de b\u00fafer de la pila, y posiblemente la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso que ejecuta Wireshark. "}], "id": "CVE-2023-0668", "lastModified": "2023-10-20T20:56:32.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-07T03:15:09.193", "references": [{"source": "cve@takeonme.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"}, {"source": "cve@takeonme.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202309-02"}, {"source": "cve@takeonme.org", "tags": ["Exploit"], "url": "https://takeonme.org/cves/CVE-2023-0668.html"}, {"source": "cve@takeonme.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5429"}, {"source": "cve@takeonme.org", "tags": ["Release Notes"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"source": "cve@takeonme.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"}], "sourceIdentifier": "cve@takeonme.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve@takeonme.org", "type": "Secondary"}]}