Forum
CVE-2023-0668 - Wireshark
Zitat von MITs Forum am 6. Juni 2023, 0:00 UhrDue to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
References
https://gitlab.com/wireshark/wireshark/-/issues/19087
https://takeonme.org/cves/CVE-2023-0668.html
https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html
https://www.wireshark.org/security/wnpa-sec-2023-19.html
Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
References
https://gitlab.com/wireshark/wireshark/-/issues/19087
https://takeonme.org/cves/CVE-2023-0668.html
https://www.wireshark.org/docs/relnotes/wireshark-4.0.6.html
https://www.wireshark.org/security/wnpa-sec-2023-19.html