The RTPS ( Real-Time Publish-Subscribe) packet in the Wireshark version 4.0.5 and earlier does not validate the length in the rtps_util_add_type_library_type.Īn attacker can exploit this by sending a large file to this function resulting in a heap buffer overflow vulnerability that can also lead to code execution. CVE-2023-0666 – RTPS parsing buffer overflow.This vulnerability exists in the blf_read_apptextmessage function of the Wireshark BLF plugin, which can be exploited by sending a crafted string resulting in arbitrary code execution. CVE-2023-2854 – Heap Buffer Overflow blf_read_apptextmessage Function.Alternatively, it can also result in arbitrary code. CVE-2023-2856 – Stack Buffer Overflow in parse_vms_packet FunctionĪn attacker can exploit this vulnerability by sending a malicious file to wireshark that is read by the parse_vms_packet function resulting in the crash of Wireshark.CVE-2023-2858 – Heap Buffer Overflow in nstrace_read_v10 FunctionĪn attacker can exploit this vulnerability by sending a malicious packet file that executes an arbitrary code or results in a DoS for Wireshark that crashes the application.This can result in arbitrary code execution.Īn attacker can exploit this vulnerability by sending a malicious packet which results in excessive CPU resource usage by Wireshark, CVE-2023-2857 – Heap buffer overflow vulnerability in BLF readerĪn attacker can exploit this vulnerability by sending a maliciously crafted BLF file that affects the blf_pull_logcontainer_into_memory() function.When opened by Wireshark, this file can crash the application and result in potential code execution. CVE-2023-2855 – Stack-buffer-overflow in candump_write_packetĪn attacker can exploit this vulnerability by sending a specially crafted payload file.Wireshark has fixed 9 existing vulnerabilities in the new release. However, as stated by Wireshark, the official 32-bit Windows packages are no longer shipped.įor users who wish to use Wireshark in 32-bit Windows, it is recommended to go with the latest 3.6 release.
With the current release, the latest version of Wireshark is 4.0.6.
0 kommentar(er)
