CVE-2023-0666 🤘

CVE-2023-0666: Wireshark RTPS Parsing Buffer Overflow

AHA! has discovered an issue with Wireshark from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Monday, June 5, 2023. CVE-2023-0666 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVE-2023-0666 appears to be an instance of CWE-122.

Read more

CVE-2023-0667

CVE-2023-0667: Wireshark MSMMS parsing buffer overflow

AHA! has discovered an issue with Wireshark from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Monday, June 5, 2023. CVE-2023-0667 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVE-2023-0667 appears to be an instance of CWE-122.

Read more

CVE-2023-0668

CVE-2023-0668: Wireshark IEEE-C37.118 parsing buffer overflow

AHA! has discovered an issue with Wireshark from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Monday, June 5, 2023. CVE-2023-0668 has been assigned to this issue.

Executive Summary

Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark. CVE-2023-0668 appears to be an instance of CWE-125.

Read more

CVE-2023-2905

CVE-2023-2905: Cesanta Mongoose MQTT Message Parsing Heap Overflow

AHA! has discovered an issue with Mongoose from Cesanta, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Tuesday, August 8, 2023. CVE-2023-2905 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, the dual-licensed Cesanta Mongoose embeddable web server version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. CVE-2023-2905 appears to be an instance of CWE-122. Version 7.9 and prior does not appear to be vulnerable.

Read more

CVE-2023-2906

CVE-2023-2906: Wireshark CP2179 Parsing Divide By Zero DoS

AHA! has discovered a deinal-of-service issue with [Wireshark] from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, August 24, 2023. CVE-2023-2906 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack. CVE-2023-2906 appears to be an instance of CWE-369. Note that, according to the patch notes, this effect can only be achieved when a user triggers the vulnerable code patch with the “Decode As…” functionality of Wireshark (or the -d option for tshark), so this vulnerability is unlikely to be triggerable in an automated way.

Read more