CVE-2023-0667: Wireshark MSMMS parsing buffer overflow
First published: Wed Jun 07 2023(Updated: )
Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark
Credit: cve@takeonme.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark | >=4.0.0<4.0.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Wireshark vulnerability?
The vulnerability ID for this Wireshark vulnerability is CVE-2023-0667.
What is the severity of CVE-2023-0667?
The severity of CVE-2023-0667 is medium.
What software versions are affected by CVE-2023-0667?
Wireshark version 4.0.5 and prior are affected.
What is the potential impact of CVE-2023-0667?
CVE-2023-0667 can lead to a heap-based buffer overflow and possibly code execution in the context of the process running Wireshark.
Where can I find more information about CVE-2023-0667?
You can find more information about CVE-2023-0667 at the following references: [GitLab](https://gitlab.com/wireshark/wireshark/-/issues/19086), [Gentoo Security](https://security.gentoo.org/glsa/202309-02), [Takeonme](https://takeonme.org/cves/CVE-2023-0667.html).
- agent/type
- agent/softwarecombine
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- vendor/wireshark
- canonical/wireshark
- version/wireshark/4.0.0