Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-7015 advisory.

  - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service     via crafted capture file (CVE-2023-2856)

  - NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2858)

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-6469 advisory.

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2855)

  - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service     via crafted capture file (CVE-2023-2856)

  - Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark     version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code     execution in the context of the process running Wireshark. (CVE-2023-0668)

  - NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2858)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7015 advisory.

  - wireshark: RTPS dissector crash (CVE-2023-0666)

  - wireshark: VMS TCPIPtrace file parser crash (CVE-2023-2856)

  - wireshark: NetScaler file parser crash (CVE-2023-2858)

  - wireshark: XRA dissector infinite loop (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2023:7015 advisory.

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service     via crafted capture file (CVE-2023-2856)

  - NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2858)

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6469 advisory.

  - wireshark: RTPS dissector crash (CVE-2023-0666)

  - wireshark: IEEE C37.118 Synchrophasor dissector crash (CVE-2023-0668)

  - wireshark: Candump log file parser crash (CVE-2023-2855)

  - wireshark: VMS TCPIPtrace file parser crash (CVE-2023-2856)

  - wireshark: NetScaler file parser crash (CVE-2023-2858)

  - wireshark: XRA dissector infinite loop (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote host is affected by the vulnerability described in GLSA-202309-02 (Wireshark: Multiple Vulnerabilities)

  - Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet     injection or crafted capture file (CVE-2022-3725)

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version     4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly     code execution in the context of the process running Wireshark (CVE-2023-0667)

  - Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark     version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code     execution in the context of the process running Wireshark. (CVE-2023-0668)

  - ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of     service via packet injection or crafted capture file (CVE-2023-1161)

  - RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via     packet injection or crafted capture file (CVE-2023-1992)

  - LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via     packet injection or crafted capture file (CVE-2023-1993)

  - GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet     injection or crafted capture file (CVE-2023-1994)

  - BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted     capture file (CVE-2023-2854, CVE-2023-2857)

  - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2855)

  - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service     via crafted capture file (CVE-2023-2856)

  - NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2858)

  - GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet     injection or crafted capture file (CVE-2023-2879)

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5429 advisory.

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark     version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code     execution in the context of the process running Wireshark. (CVE-2023-0668)

  - ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of     service via packet injection or crafted capture file (CVE-2023-1161)

  - RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via     packet injection or crafted capture file (CVE-2023-1992)

  - LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via     packet injection or crafted capture file (CVE-2023-1993)

  - GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet     injection or crafted capture file (CVE-2023-1994)

  - BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted     capture file (CVE-2023-2854, CVE-2023-2857)

  - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2855)

  - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service     via crafted capture file (CVE-2023-2856)

  - NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2858)

  - GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet     injection or crafted capture file (CVE-2023-2879)

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-197 advisory.

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark     version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code     execution in the context of the process running Wireshark. (CVE-2023-0668)

  - BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted     capture file (CVE-2023-2854, CVE-2023-2857)

  - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2855)

  - VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service     via crafted capture file (CVE-2023-2856)

  - NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2858)

  - GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet     injection or crafted capture file (CVE-2023-2879)

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote Windows host is prior to 4.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.6 advisory.

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark     version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code     execution in the context of the process running Wireshark. (CVE-2023-0668)

  - BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted     capture file (CVE-2023-2854, CVE-2023-2857)

  - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2855)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Wireshark installed on the remote macOS / Mac OS X host is prior to 4.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the wireshark-4.0.6 advisory.

  - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     packet injection or crafted capture file (CVE-2023-2952)

  - Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version     4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution     in the context of the process running Wireshark. (CVE-2023-0666)

  - Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark     version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code     execution in the context of the process running Wireshark. (CVE-2023-0668)

  - BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted     capture file (CVE-2023-2854, CVE-2023-2857)

  - Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via     crafted capture file (CVE-2023-2855)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
186140	Oracle Linux 8 : wireshark (ELSA-2023-7015)	Nessus	Oracle Linux Local Security Checks	medium
185879	Oracle Linux 9 : wireshark (ELSA-2023-6469)	Nessus	Oracle Linux Local Security Checks	medium
185660	RHEL 8 : wireshark (RHSA-2023:7015)	Nessus	Red Hat Local Security Checks	medium
185637	CentOS 8 : wireshark (CESA-2023:7015)	Nessus	CentOS Local Security Checks	medium
185134	RHEL 9 : wireshark (RHSA-2023:6469)	Nessus	Red Hat Local Security Checks	medium
181506	GLSA-202309-02 : Wireshark: Multiple Vulnerabilities	Nessus	Gentoo Local Security Checks	high
177382	Debian DSA-5429-1 : wireshark - security update	Nessus	Debian Local Security Checks	high
176926	Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2023-197)	Nessus	Amazon Linux Local Security Checks	high
176370	Wireshark 4.0.x < 4.0.6 Multiple Vulnerabilities	Nessus	Windows	high
176369	Wireshark 4.0.x < 4.0.6 Multiple Vulnerabilities (macOS)	Nessus	MacOS X Local Security Checks	high

Detections

Analytics

CVE-2023-0666

medium

Tenable Plugins

medium

medium

medium

medium

medium

high

high

high

high

high