Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

An update of the wireshark package has been released.

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - wireshark: free operation on an uninitialized memory address in wiretap/netmon.c (CVE-2018-6836)

  - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file parser could crash. This was     addressed in wiretap/vwr.c by correcting the signature timestamp bounds checks. (CVE-2018-5334)

  - In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector could crash. This was addressed in     epan/dissectors/packet-wcp.c by validating the available buffer length. (CVE-2018-5335)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - wireshark: Kafka dissector infinite loop (CVE-2021-4190)

  - wireshark: ISO 15765 and ISO 10681 dissector crash (CVE-2023-1161)

  - Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via     packet injection or crafted capture file (CVE-2021-4181)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The version of wireshark installed on the remote host is prior to 2.6.2-15. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2040 advisory.

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-120 advisory.

  - Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows     denial of service via packet injection or crafted capture file (CVE-2022-4344)

  - Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0     to 3.6.9 allows denial of service via packet injection or crafted capture file (CVE-2022-4345)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or     crafted capture file (CVE-2023-0414)

  - iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0415)

  - GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0416)

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0343-1 advisory.

  - Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0     to 3.6.9 allows denial of service via packet injection or crafted capture file (CVE-2022-4345)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0415)

  - GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0416)

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3313 advisory.

  - Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0     to 3.6.9 allows denial of service via packet injection or crafted capture file (CVE-2022-4345)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0415)

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.6.11 advisory.

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0415)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote Windows host is prior to 3.6.11. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-3.6.11 advisory.

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0415)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote Windows host is prior to 4.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.3 advisory.

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or     crafted capture file (CVE-2023-0414)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.3 advisory.

  - Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of     service via packet injection or crafted capture file (CVE-2023-0417)

  - Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial     of service via packet injection or crafted capture file (CVE-2023-0411)

  - TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0412)

  - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via     packet injection or crafted capture file (CVE-2023-0413)

  - Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or     crafted capture file (CVE-2023-0414)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
203278	Photon OS 4.0: Wireshark PHSA-2023-4.0-0330	Nessus	PhotonOS Local Security Checks	high
199495	RHEL 8 : wireshark (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
199485	RHEL 9 : wireshark (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
175954	Amazon Linux 2 : wireshark (ALAS-2023-2040)	Nessus	Amazon Linux Local Security Checks	high
173172	Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2023-120)	Nessus	Amazon Linux Local Security Checks	high
171429	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : wireshark (SUSE-SU-2023:0343-1)	Nessus	SuSE Local Security Checks	high
171394	Debian DLA-3313-1 : wireshark - LTS security update	Nessus	Debian Local Security Checks	high
170173	Wireshark 3.6.x < 3.6.11 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high
170172	Wireshark 3.6.x < 3.6.11 Multiple Vulnerabilities	Nessus	Windows	high
170169	Wireshark 4.0.x < 4.0.3 Multiple Vulnerabilities	Nessus	Windows	high
170168	Wireshark 4.0.x < 4.0.3 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2023-0417

medium

Tenable Plugins

high

critical

high

high

high

high

high

high

high

high

high