CVE-2023-2906 - OpenCVE

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Wireshark	Wireshark

Configuration 1 [-]

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

References

Link	Resource
https://gitlab.com/wireshark/wireshark/-/issues/19229	Exploit Issue Tracking Patch Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/
https://takeonme.org/cves/CVE-2023-2906.html	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: AHA

Published: 2023-08-25T20:41:19.403Z

Updated: 2023-08-25T20:41:19.403Z

Reserved: 2023-05-26T00:46:14.391Z

Link: CVE-2023-2906

JSON object: View

NVD Information

Status : Modified

Published: 2023-08-25T21:15:07.963

Modified: 2023-09-15T22:15:13.367

Link: CVE-2023-2906

JSON object: View

Redhat Information

No data.

CWE

CWE-369

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-2906", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "state": "PUBLISHED", "assignerShortName": "AHA", "dateReserved": "2023-05-26T00:46:14.391Z", "datePublished": "2023-08-25T20:41:19.403Z", "dateUpdated": "2023-08-25T20:41:19.403Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThanOrEqual": "4.0.7", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "AHA!"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.</span><br>"}], "value": "Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\n"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-369", "description": "CWE-369 Divide By Zero", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2023-08-25T20:41:19.403Z"}, "references": [{"tags": ["exploit", "third-party-advisory", "technical-description"], "url": "https://takeonme.org/cves/CVE-2023-2906.html"}, {"tags": ["patch"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19229"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/"}], "source": {"discovery": "EXTERNAL"}, "title": "Wireshark CP2179 divide by zero", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "4BC02992-A101-46F2-BC8C-78774D6D2787", "versionEndIncluding": "4.0.7", "versionStartIncluding": "2.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\n"}, {"lang": "es", "value": "Debido a un error al validar la longitud proporcionada por un paquete CP2179 creado por un atacante, las versiones de Wireshark 2.0.0 a 4.0.7 son susceptibles a una divisi\u00f3n por cero, lo que permite un ataque de denegaci\u00f3n de servicio."}], "id": "CVE-2023-2906", "lastModified": "2023-09-15T22:15:13.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-25T21:15:07.963", "references": [{"source": "cve@takeonme.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19229"}, {"source": "cve@takeonme.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/"}, {"source": "cve@takeonme.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/"}, {"source": "cve@takeonme.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/"}, {"source": "cve@takeonme.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://takeonme.org/cves/CVE-2023-2906.html"}], "sourceIdentifier": "cve@takeonme.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-369"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-369"}], "source": "cve@takeonme.org", "type": "Secondary"}]}