CVE-2023-3649: Buffer Over-read in Wireshark
First published: Fri Jul 14 2023(Updated: )
iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark Wireshark | >=4.0.0<=4.0.6 |
Remedy
Upgrade to version 4.0.7 or above.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for iSCSI dissector crash in Wireshark?
The vulnerability ID for the iSCSI dissector crash in Wireshark is CVE-2023-3649.
What is the severity of CVE-2023-3649?
CVE-2023-3649 has a severity level of medium.
How does the iSCSI dissector crash vulnerability in Wireshark affect the software?
The iSCSI dissector crash vulnerability affects Wireshark versions 4.0.0 to 4.0.6.
How can an attacker exploit CVE-2023-3649?
An attacker can exploit CVE-2023-3649 by performing packet injection or using a crafted capture file.
Is there a fix available for the iSCSI dissector crash vulnerability in Wireshark?
Yes, you can refer to the official Wireshark website or the provided GitLab issue for information on available fixes.
- collector/nvd-latest
- collector/nvd-index
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- agent/description
- collector/nvd-api
- agent/software-canonical-lookup-request
- agent/severity
- agent/remedy
- agent/title
- agent/event
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/4.0.0
- version/wireshark wireshark/4.0.6