CVE-2023-1992 Report - Details, Severity, & Advisories

Twingate Team

Apr 11, 2024

CVE-2023-1992 is a high-severity vulnerability affecting certain versions of Wireshark, Debian Linux, and Fedora systems. This vulnerability, found in Wireshark versions 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12, allows denial of service attacks via packet injection or a crafted capture file. Users are advised to update their software to mitigate the risk associated with this vulnerability.

How do I know if I'm affected?

If you're using Wireshark, Debian Linux, or Fedora, you might be affected by the vulnerability. Specifically, Wireshark versions 3.6.0 to 3.6.12 and 4.0.0 to 4.0.4, Debian Linux versions 10.0 and 12.0, and Fedora versions 36, 37, and 38 are impacted. To check if you're affected, verify the version of your software and compare it to the mentioned vulnerable versions. Keep in mind that this vulnerability can lead to denial of service attacks, so it's important to stay informed and take necessary precautions.
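The version comparison described above can be scripted. The following is an added example, not part of the original report: the function names and the sample banner line are constructed for illustration, and the ranges are the ones listed in this report.

```shell
#!/bin/sh
# Added example: classify a Wireshark version against the ranges in this
# report (3.6.0 to 3.6.12 and 4.0.0 to 4.0.4). Function names are hypothetical.
# Distribution packages can carry backported fixes under another version
# number, so for packaged builds the distribution advisory is authoritative.

# Constructed sample of a version banner line, used when tshark is absent.
SAMPLE_BANNER='TShark (Wireshark) 4.0.3 (Git v4.0.3 packaged as 4.0.3-1).'

# Print the first dotted x.y.z version found in the given text.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if the version is in an affected range, 1 if not, 2 if unparsable.
is_affected() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    [ $# -eq 3 ] || return 2
    if [ "$1" -eq 3 ] && [ "$2" -eq 6 ] && [ "$3" -le 12 ]; then return 0; fi
    if [ "$1" -eq 4 ] && [ "$2" -eq 0 ] && [ "$3" -le 4 ]; then return 0; fi
    return 1
}

# Use the local tshark banner when available, otherwise the constructed sample.
banner=$SAMPLE_BANNER
if command -v tshark >/dev/null 2>&1; then
    banner=$(tshark --version 2>/dev/null)
fi
v=$(extract_version "$banner")
rc=0
is_affected "$v" || rc=$?
case $rc in
    0) echo "Wireshark $v: in an affected range, update" ;;
    1) echo "Wireshark $v: not in an affected range" ;;
    *) echo "could not parse a Wireshark version" ;;
esac
```
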

What should I do if I'm affected?

If you're affected by the vulnerability, it's important to update your software. For Debian users, upgrade Wireshark packages to version 2.6.20-0+deb10u6. Fedora users should install the update using the command 'dnf upgrade --advisory FEDORA-2023-f70fbf64cb'. By updating to the latest versions, you can mitigate the risk associated with this vulnerability.

Is CVE-2023-1992 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1992 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This vulnerability, known as the RPCoRDMA dissector crash in Wireshark, was added to the National Vulnerability Database on April 12, 2023. There is no specific due date or required action mentioned, but users are advised to update their Wireshark software to the latest version to avoid potential denial of service attacks.

Weakness enumeration

The Weakness Enumeration identifies the vulnerability as CWE-400, which is related to uncontrolled resource consumption. This issue affects Wireshark and can lead to denial of service attacks.

For more details

CVE-2023-1992 is a significant vulnerability affecting Wireshark, Debian Linux, and Fedora systems. By updating your software and staying informed, you can mitigate the risk of denial of service attacks. For a comprehensive overview of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
