Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2023-3649 CVE-2023-3648

Source

Debian Bug report logs - #1041101
wireshark: CVE-2023-3649 CVE-2023-3648

Package: src:wireshark; Maintainer for src:wireshark is Balint Reczey <balint@balintreczey.hu>;

Reported by: Moritz Mühlenhoff <jmm@inutil.org>

Date: Fri, 14 Jul 2023 21:39:01 UTC

Severity: important

Tags: security, upstream

Found in version wireshark/4.0.6-1

Fixed in version wireshark/4.0.7-1

Done: Bálint Réczey <balint@balintreczey.hu>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#1041101; Package src:wireshark. (Fri, 14 Jul 2023 21:39:03 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Mühlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Balint Reczey <balint@balintreczey.hu>. (Fri, 14 Jul 2023 21:39:03 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: wireshark
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for wireshark.

CVE-2023-3649[0]:
| iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of
| service via packet injection or crafted capture file

https://www.wireshark.org/security/wnpa-sec-2023-22.html

CVE-2023-3648[1]:
| Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to
| 3.6.14 allows denial of service via packet injection or crafted
| capture file

https://www.wireshark.org/security/wnpa-sec-2023-21.html


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-3649
    https://www.cve.org/CVERecord?id=CVE-2023-3649
[1] https://security-tracker.debian.org/tracker/CVE-2023-3648
    https://www.cve.org/CVERecord?id=CVE-2023-3648

Please adjust the affected versions in the BTS as needed.

Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 14 Jul 2023 22:09:06 GMT) (full text, mbox, link).

Marked as found in versions wireshark/4.0.6-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 14 Jul 2023 22:09:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Balint Reczey <balint@balintreczey.hu>:
Bug#1041101; Package src:wireshark. (Sat, 15 Jul 2023 09:57:06 GMT) (full text, mbox, link).

Acknowledgement sent to balint@balintreczey.hu:
Extra info received and forwarded to list. Copy sent to Balint Reczey <balint@balintreczey.hu>. (Sat, 15 Jul 2023 09:57:07 GMT) (full text, mbox, link).

Message #14 received at 1041101@bugs.debian.org (full text, mbox, reply):

Control: fixed -1 4.0.7-1

Hi Moritz,

Missed this bug while preparing the upload yesterday.

Cheers,
Balint


Moritz Mühlenhoff <jmm@inutil.org> ezt írta (időpont: 2023. júl. 14., P, 23:35):
>
> Source: wireshark
> X-Debbugs-CC: team@security.debian.org
> Severity: important
> Tags: security
>
> Hi,
>
> The following vulnerabilities were published for wireshark.
>
> CVE-2023-3649[0]:
> | iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of
> | service via packet injection or crafted capture file
>
> https://www.wireshark.org/security/wnpa-sec-2023-22.html
>
> CVE-2023-3648[1]:
> | Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to
> | 3.6.14 allows denial of service via packet injection or crafted
> | capture file
>
> https://www.wireshark.org/security/wnpa-sec-2023-21.html
>
>
> If you fix the vulnerabilities please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-3649
>     https://www.cve.org/CVERecord?id=CVE-2023-3649
> [1] https://security-tracker.debian.org/tracker/CVE-2023-3648
>     https://www.cve.org/CVERecord?id=CVE-2023-3648
>
> Please adjust the affected versions in the BTS as needed.
>

Marked as fixed in versions wireshark/4.0.7-1. Request was from Bálint Réczey <balint@balintreczey.hu> to 1041101-submit@bugs.debian.org. (Sat, 15 Jul 2023 09:57:07 GMT) (full text, mbox, link).

Reply sent to balint@balintreczey.hu:
You have taken responsibility. (Sat, 15 Jul 2023 09:57:09 GMT) (full text, mbox, link).

Notification sent to Moritz Mühlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sat, 15 Jul 2023 09:57:09 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Jul 15 11:56:14 2023; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

wireshark: CVE-2023-3649 CVE-2023-3648

Debian Bug report logs - #1041101
wireshark: CVE-2023-3649 CVE-2023-3648

Vulmon Search

About

Products

Connect

wireshark: CVE-2023-3649 CVE-2023-3648

Debian Bug report logs - #1041101 wireshark: CVE-2023-3649 CVE-2023-3648

Vulmon Search

About

Products

Connect

Debian Bug report logs - #1041101
wireshark: CVE-2023-3649 CVE-2023-3648