{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0412", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2024-08-02T05:10:55.753Z", "dateReserved": "2023-01-20T00:00:00", "datePublished": "2023-01-24T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-02-08T00:00:00"}, "descriptions": [{"lang": "en", "value": "TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": ">=4.0.0, <4.0.3", "status": "affected"}, {"version": ">=3.6.0, <3.6.11", "status": "affected"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18770"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json"}, {"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Uncontrolled recursion in Wireshark"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:10:55.753Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18770", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "211ACC10-0127-4F5F-A124-CC3563923D1B", "versionEndIncluding": "3.6.10", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD6DA49A-D5CB-4528-B23F-32E3F8F00A33", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "El disector TIPC falla en Wireshark para las versiones de la 4.0.0 a la 4.0.2 y de la 3.6.0 a la 3.6.10 y permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado."}], "id": "CVE-2023-0412", "lastModified": "2023-02-14T18:50:45.467", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cve@gitlab.com", "type": "Secondary"}]}, "published": "2023-01-26T21:18:07.727", "references": [{"source": "cve@gitlab.com", "tags": ["Issue Tracking"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0412.json"}, {"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Patch"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18770"}, {"source": "cve@gitlab.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-07.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: TIPC dissector crash", "id": "2165841", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165841"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "status": "draft"}, "cwe": "CWE-674->CWE-125", "details": ["TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file", "A flaw was found in the TIPC dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an out-of-bounds read, resulting in a Denial of Service."], "name": "CVE-2023-0412", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0412\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0412"], "threat_severity": "Moderate", "upstream_fix": "wireshark 4.0.3, wireshark 3.6.11"}