Source: wireshark
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for wireshark.

CVE-2023-1992[0]:
| RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to
| 3.6.12 allows denial of service via packet injection or crafted
| capture file

https://gitlab.com/wireshark/wireshark/-/issues/18852
https://www.wireshark.org/security/wnpa-sec-2023-09.html

CVE-2023-1993[1]:
| LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to
| 3.6.12 allows denial of service via packet injection or crafted
| capture file

https://gitlab.com/wireshark/wireshark/-/issues/18900
https://www.wireshark.org/security/wnpa-sec-2023-10.html

CVE-2023-1994[2]:
| GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12
| allows denial of service via packet injection or crafted capture file

https://gitlab.com/wireshark/wireshark/-/issues/18947
https://www.wireshark.org/security/wnpa-sec-2023-11.html

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1992
    https://www.cve.org/CVERecord?id=CVE-2023-1992
[1] https://security-tracker.debian.org/tracker/CVE-2023-1993
    https://www.cve.org/CVERecord?id=CVE-2023-1993
[2] https://security-tracker.debian.org/tracker/CVE-2023-1994
    https://www.cve.org/CVERecord?id=CVE-2023-1994

Please adjust the affected versions in the BTS as needed.