SB2023120464 - Anolis OS update for wireshark

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023120464

SB2023120464 - Anolis OS update for wireshark

Published: December 4, 2023 Updated: March 28, 2025

Security Bulletin ID SB2023120464
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2023-3648)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Kafka dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2023-3649)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in iSCSI dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


3) Infinite loop (CVE-ID: CVE-2023-4511)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in Bluetooth SDP dissector. A remote attacker can consume all available system resources and cause denial of service conditions.


4) Input validation error (CVE-ID: CVE-2023-4512)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CBOR protocol dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


5) Memory leak (CVE-ID: CVE-2023-4513)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in Bluetooth SDP dissector. A remote attacker can force the application to leak memory and perform denial of service attack.


6) Memory leak (CVE-ID: CVE-2023-5371)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the RTPS dissector. A remote attacker can send specially crafted traffic to the system and perform a denial of service attack.


Remediation

Install update from vendor's website.

References