CVE-2023-0667

Summary

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark

Affected Software

VendorProductVersion RangeStatus
Wireshark FoundationWireshark0 <= 4.0.5affected
Wireshark FoundationWireshark4.0.6unaffected
Wireshark FoundationWireshark0 <= 3.6.13affected
Wireshark FoundationWireshark3.6.14unaffected

Weaknesses

  • CWE-122: CWE-122 Heap-based Buffer Overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References