<html>
    <head>
      <base href="https://bugzilla.rosalinux.ru/">
    </head>
    <body><table border="1" cellspacing="0" cellpadding="8">
        <tr>
          <th>Platform</th>
          <td>2021.1
          </td>
        </tr>

        <tr>
          <th>Bug ID</th>
          <td><a class="bz_bug_link 
          bz_status_CONFIRMED "
   title="CONFIRMED - [CVE 21] wireshark 4.0.1 CVEs found"
   href="https://bugzilla.rosalinux.ru/show_bug.cgi?id=13343">13343</a>
          </td>
        </tr>

        <tr>
          <th>Summary</th>
          <td>[CVE 21] wireshark 4.0.1 CVEs found
          </td>
        </tr>

        <tr>
          <th>Classification</th>
          <td>ROSA-based products
          </td>
        </tr>

        <tr>
          <th>Product</th>
          <td>ROSA Fresh
          </td>
        </tr>

        <tr>
          <th>Version</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>Hardware</th>
          <td>All
          </td>
        </tr>

        <tr>
          <th>URL</th>
          <td>CVE-2022-4344, CVE-2022-4345, CVE-2023-0411, CVE-2023-0412, CVE-2023-0413, CVE-2023-0414, CVE-2023-0415, CVE-2023-0416, CVE-2023-0417, CVE-2023-1161, CVE-2023-1992, CVE-2023-1993, CVE-2023-1994
          </td>
        </tr>

        <tr>
          <th>OS</th>
          <td>Linux
          </td>
        </tr>

        <tr>
          <th>Status</th>
          <td>CONFIRMED
          </td>
        </tr>

        <tr>
          <th>Severity</th>
          <td>normal
          </td>
        </tr>

        <tr>
          <th>Priority</th>
          <td>Normal
          </td>
        </tr>

        <tr>
          <th>Component</th>
          <td>System (kernel, glibc, systemd, bash, PAM...)
          </td>
        </tr>

        <tr>
          <th>Assignee</th>
          <td>bugs&#64;lists.rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>Reporter</th>
          <td>y.tumanov&#64;rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>QA Contact</th>
          <td>bugs&#64;lists.rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>CC</th>
          <td>s.matveev&#64;rosalinux.ru, y.tumanov&#64;rosalinux.ru
          </td>
        </tr>

        <tr>
          <th>Target Milestone</th>
          <td>---
          </td>
        </tr>

        <tr>
          <th>Flags</th>
          <td>secteam_verified?
          </td>
        </tr></table>
      <p>
        <div>
        <pre>Please patch CVEs for package wireshark version 4.0.1

INFO (CVEs are): wireshark 4.0.1
 cves found
CVE-2022-4344
Desc: Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to
4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or
crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4344">https://nvd.nist.gov/vuln/detail/CVE-2022-4344</a>
Severity: MEDIUM
CVE-2022-4345
Desc: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in
Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet
injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-4345">https://nvd.nist.gov/vuln/detail/CVE-2022-4345</a>
Severity: MEDIUM
CVE-2023-0411
Desc: Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and
3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted
capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0411">https://nvd.nist.gov/vuln/detail/CVE-2023-0411</a>
Severity: MEDIUM
CVE-2023-0412
Desc: TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0412">https://nvd.nist.gov/vuln/detail/CVE-2023-0412</a>
Severity: HIGH
CVE-2023-0413
Desc: Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0413">https://nvd.nist.gov/vuln/detail/CVE-2023-0413</a>
Severity: MEDIUM
CVE-2023-0414
Desc: Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of
service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0414">https://nvd.nist.gov/vuln/detail/CVE-2023-0414</a>
Severity: MEDIUM
CVE-2023-0415
Desc: iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0415">https://nvd.nist.gov/vuln/detail/CVE-2023-0415</a>
Severity: MEDIUM
CVE-2023-0416
Desc: GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0416">https://nvd.nist.gov/vuln/detail/CVE-2023-0416</a>
Severity: MEDIUM
CVE-2023-0417
Desc: Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to
3.6.10 and allows denial of service via packet injection or crafted capture
file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-0417">https://nvd.nist.gov/vuln/detail/CVE-2023-0417</a>
Severity: MEDIUM
CVE-2023-1161
Desc: ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and
3.6.0 to 3.6.11 allows denial of service via packet injection or crafted
capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1161">https://nvd.nist.gov/vuln/detail/CVE-2023-1161</a>
Severity: HIGH
CVE-2023-1992
Desc: RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1992">https://nvd.nist.gov/vuln/detail/CVE-2023-1992</a>
Severity: HIGH
CVE-2023-1993
Desc: LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1993">https://nvd.nist.gov/vuln/detail/CVE-2023-1993</a>
Severity: MEDIUM
CVE-2023-1994
Desc: GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
allows denial of service via packet injection or crafted capture file
Link: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-1994">https://nvd.nist.gov/vuln/detail/CVE-2023-1994</a>
Severity: MEDIUM</pre>
        </div>
      </p>


    </body>
</html>