{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-0668", "assignerOrgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "state": "PUBLISHED", "assignerShortName": "AHA", "dateReserved": "2023-02-03T22:08:47.155Z", "datePublished": "2023-06-07T02:32:45.095Z", "dateUpdated": "2024-08-02T05:17:50.341Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThanOrEqual": "4.0.5", "status": "affected", "version": "4.0.0", "versionType": "semver"}, {"status": "unaffected", "version": "4.0.6"}, {"lessThanOrEqual": "3.6.13", "status": "affected", "version": "3.6.0", "versionType": "semver"}, {"status": "unaffected", "version": "3.6.14"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "zenofex"}, {"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "WanderingGlitch"}, {"lang": "en", "type": "coordinator", "user": "00000000-0000-4000-9000-000000000000", "value": "Austin Hackers Anonymous!"}], "datePublic": "2023-05-22T19:04:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}], "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}], "impacts": [{"capecId": "CAPEC-540", "descriptions": [{"lang": "en", "value": "CAPEC-540 Overread Buffers"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "26969f82-7e87-44d8-9cb5-f6fb926ddd43", "shortName": "AHA", "dateUpdated": "2023-06-08T13:00:53.650Z"}, "references": [{"tags": ["third-party-advisory"], "url": "https://takeonme.org/cves/CVE-2023-0668.html"}, {"tags": ["issue-tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"}, {"tags": ["release-notes"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"tags": ["vendor-advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"}, {"url": "https://www.debian.org/security/2023/dsa-5429"}, {"url": "https://security.gentoo.org/glsa/202309-02"}], "source": {"discovery": "EXTERNAL"}, "title": "Wireshark IEEE-C37.118 parsing buffer overflow", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T05:17:50.341Z"}, "title": "CVE Program Container", "references": [{"tags": ["third-party-advisory", "x_transferred"], "url": "https://takeonme.org/cves/CVE-2023-0668.html"}, {"tags": ["issue-tracking", "x_transferred"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"}, {"tags": ["release-notes", "x_transferred"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"tags": ["vendor-advisory", "x_transferred"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"}, {"url": "https://www.debian.org/security/2023/dsa-5429", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202309-02", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "CED49BFD-0350-4790-9D15-35875AEE4F00", "versionEndExcluding": "3.6.14", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "FBA0E5F8-10A3-4294-95A8-6CB594C4DADE", "versionEndExcluding": "4.0.6", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark."}, {"lang": "es", "value": "Debido a un fallo en la validaci\u00f3n de la longitud proporcionada por un atacante de paquetes IEEE-C37.118, Wireshark v4.0.5 y anteriores, por defecto, es susceptible a un desbordamiento de b\u00fafer de la pila, y posiblemente la ejecuci\u00f3n de c\u00f3digo en el contexto del proceso que ejecuta Wireshark. "}], "id": "CVE-2023-0668", "lastModified": "2023-10-20T20:56:32.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-06-07T03:15:09.193", "references": [{"source": "cve@takeonme.org", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19087"}, {"source": "cve@takeonme.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202309-02"}, {"source": "cve@takeonme.org", "tags": ["Exploit"], "url": "https://takeonme.org/cves/CVE-2023-0668.html"}, {"source": "cve@takeonme.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5429"}, {"source": "cve@takeonme.org", "tags": ["Release Notes"], "url": "https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html"}, {"source": "cve@takeonme.org", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-19.html"}], "sourceIdentifier": "cve@takeonme.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "cve@takeonme.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:6469", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "wireshark-1:3.4.10-6.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "wireshark: IEEE C37.118 Synchrophasor dissector crash", "id": "2210835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2210835"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-125", "details": ["Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.", "A flaw was found in the IEEE C37.118 Synchrophasor dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service."], "name": "CVE-2023-0668", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2023-05-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0668\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0668"], "statement": "Wireshark as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability because the vulnerable code in the IEEE C37.118 Synchrophasor dissector was introduced in a newer Wireshark version.", "threat_severity": "Moderate", "upstream_fix": "wireshark 4.0.6, wireshark 3.6.14"}