CVE-2023-6174: Out-of-bounds Read in Wireshark
First published: Thu Nov 16 2023(Updated: )
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/wireshark | <=2.6.20-0+deb10u4<=2.6.20-0+deb10u7 | 3.4.10-0+deb11u1 4.0.11-1~deb12u1 4.2.0-1 |
| Wireshark Wireshark | >=4.0.0<=4.0.10 | |
| Debian Debian Linux | =12.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.wireshark.org/security/wnpa-sec-2023-28.html
- https://gitlab.com/wireshark/wireshark/-/issues/19369
- https://security-tracker.debian.org/tracker/CVE-2023-6174
- https://www.debian.org/security/2023/dsa-5559
- https://security.gentoo.org/glsa/202402-09
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/
Frequently Asked Questions
What is the vulnerability ID of this Wireshark vulnerability?
The vulnerability ID of this Wireshark vulnerability is CVE-2023-6174.
What is the title of this Wireshark vulnerability?
The title of this Wireshark vulnerability is 'Out-of-bounds Read in Wireshark'.
What is the description of this Wireshark vulnerability?
The description of this Wireshark vulnerability is 'SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file'.
What is the severity of CVE-2023-6174?
The severity of CVE-2023-6174 is medium with a severity value of 6.3.
Which software versions are affected by this Wireshark vulnerability?
Wireshark versions 2.6.20-0+deb10u4 to 2.6.20-0+deb10u7, 4.0.6-1~deb12u1, and 4.0.10-1 are affected by this vulnerability.
How can I fix CVE-2023-6174 in Wireshark?
To fix CVE-2023-6174 in Wireshark, update to version 3.4.10-0+deb11u1, 4.0.11-1~deb12u1, or 4.0.11-1 depending on your Debian distribution.
What is the Common Vulnerabilities and Exposures (CVE) reference for this Wireshark vulnerability?
The Common Vulnerabilities and Exposures (CVE) reference for this Wireshark vulnerability is CVE-2023-6174.
What is the CWE reference for this Wireshark vulnerability?
The CWE reference for this Wireshark vulnerability is CWE-125.
- collector/security-tracker-debian
- agent/weakness
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/severity
- agent/author
- agent/remedy
- agent/title
- agent/description
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- package-manager/debian
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/4.0.0
- version/wireshark wireshark/4.0.10
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/12.0