Bug 897974 (CVE-2023-0411, CVE-2023-0413, CVE-2023-0414, CVE-2023-0415, CVE-2023-0416, CVE-2023-0417)

Summary:	<net-analyzer/wireshark-{3.6.11,4.0.3}: multiple vulnerabilities
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	sam
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [noglsa]
Package list:		Runtime testing required:	---
Bug Depends on:	892151, 892191
Bug Blocks:

Description John Helmert III archtester

2023-02-26 18:32:48 UTC

CVE-2023-0411 (https://www.wireshark.org/security/wnpa-sec-2023-06.html):

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0413 (https://www.wireshark.org/security/wnpa-sec-2023-03.html):

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0414 (https://www.wireshark.org/security/wnpa-sec-2023-01.html):

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

CVE-2023-0415 (https://www.wireshark.org/security/wnpa-sec-2023-05.html):

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0416 (https://www.wireshark.org/security/wnpa-sec-2023-04.html):

GNW dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0417 (https://www.wireshark.org/security/wnpa-sec-2023-02.html):

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Please stabilize 3.6.11, 4.0.3.