SB2023022418 - openEuler 22.03 LTS SP1 update for wireshark

Main Vulnerability Database SB2023022418

SB2023022418 - openEuler 22.03 LTS SP1 update for wireshark

Published: February 24, 2023

Security Bulletin ID SB2023022418

Severity

Medium

Patch available

YES

Number of vulnerabilities 9

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) Input validation error (CVE-ID: CVE-2022-3724)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in USB-HID dissector on Windows. A remote attacker can send specially crafted traffic to the application and perform a denial of service (DoS) attack.

2) Resource exhaustion (CVE-ID: CVE-2022-4344)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the Kafka dissector. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

3) Infinite loop (CVE-ID: CVE-2022-4345)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, OpenFlow, and Kafka protocol dissectors. A remote attacker can consume all available system resources and cause denial of service conditions.

4) Input validation error (CVE-ID: CVE-2023-0413)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the conversation tracking module in Dissection engine. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

5) Memory leak (CVE-ID: CVE-2023-0417)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the NFS dissector. A remote attacker can force the application to leak memory and perform denial of service attack.

6) Input validation error (CVE-ID: CVE-2023-0415)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iSCSI dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

7) Infinite loop (CVE-ID: CVE-2023-0411)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, NCP, and RTPS dissectors. A remote attacker can consume all available CPU resources and cause denial of service conditions.

8) Input validation error (CVE-ID: CVE-2023-0412)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the TIPC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

9) Input validation error (CVE-ID: CVE-2023-0416)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the GNW dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1115