[Bugs] [Bug 13343] New: [CVE 21] wireshark 4.0.1 CVEs found
bugzilla
bugzilla at rosalinux.ru
Wed May 3 17:21:57 MSK 2023
https://bugzilla.rosalinux.ru/show_bug.cgi?id=13343
Platform: 2021.1
Bug ID: 13343
Summary: [CVE 21] wireshark 4.0.1 CVEs found
Classification: ROSA-based products
Product: ROSA Fresh
Version: All
Hardware: All
URL: CVE-2022-4344, CVE-2022-4345, CVE-2023-0411,
CVE-2023-0412, CVE-2023-0413, CVE-2023-0414,
CVE-2023-0415, CVE-2023-0416, CVE-2023-0417,
CVE-2023-1161, CVE-2023-1992, CVE-2023-1993,
CVE-2023-1994,
OS: Linux
Status: CONFIRMED
Severity: normal
Priority: Normal
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: bugs at lists.rosalinux.ru
Reporter: y.tumanov at rosalinux.ru
QA Contact: bugs at lists.rosalinux.ru
CC: s.matveev at rosalinux.ru, y.tumanov at rosalinux.ru
Target Milestone: ---
Flags: secteam_verified?
Please patch CVEs for package wireshark version 4.0.1
INFO (CVEs are): wireshark 4.0.1
cves found
CVE-2022-4344
Desc: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to
4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or
crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4344
Severity: MEDIUM
CVE-2022-4345
Desc: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet
injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4345
Severity: MEDIUM
CVE-2023-0411
Desc: Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted
capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0411
Severity: MEDIUM
CVE-2023-0412
Desc: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0412
Severity: HIGH
CVE-2023-0413
Desc: Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0413
Severity: MEDIUM
CVE-2023-0414
Desc: Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of
service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0414
Severity: MEDIUM
CVE-2023-0415
Desc: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0415
Severity: MEDIUM
CVE-2023-0416
Desc: GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0416
Severity: MEDIUM
CVE-2023-0417
Desc: Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to
3.6.10 and allows denial of service via packet injection or crafted capture
file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0417
Severity: MEDIUM
CVE-2023-1161
Desc: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and
3.6.0 to 3.6.11 allows denial of service via packet injection or crafted
capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1161
Severity: HIGH
CVE-2023-1992
Desc: RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1992
Severity: HIGH
CVE-2023-1993
Desc: LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1993
Severity: MEDIUM
CVE-2023-1994
Desc: GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
allows denial of service via packet injection or crafted capture file
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-1994
Severity: MEDIUM