CVE-2023-1994 Report - Details, Severity, & Advisories

Twingate Team

Apr 4, 2024

CVE-2023-1994 is a medium-severity vulnerability affecting Wireshark, a popular network protocol analyzer. The flaw is a crash in the GQUIC dissector that allows denial of service via packet injection or a crafted capture file. It affects multiple Wireshark versions and the systems that ship them, including Debian Linux and Fedora.

How do I know if I'm affected?

To determine whether you're affected, check whether you're running Wireshark versions 3.6.0 to 3.6.12 or 4.0.0 to 4.0.4. This medium-severity issue can be used for denial-of-service attacks through packet injection or a crafted capture file. It's important to be aware of the software versions you're using to ensure your system's security. Note that this vulnerability does not affect any Apple product versions.

What should I do if I'm affected?

If you're affected by the vulnerability, it's crucial to update your Wireshark software. For Debian users, upgrade to version 2.6.20-0+deb10u6 for Debian 10 buster. Fedora users should update to Wireshark version 4.0.5-1.fc38. Regularly updating your software helps prevent potential security risks and keeps your system protected.
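A version check for the ranges and package versions named above, as an added example that is not part of the original page. The function name `classify_version` and the sample banner strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify a Wireshark/TShark
# version string against the ranges listed above for CVE-2023-1994.

# Prints one of: affected | not-in-listed-ranges | distro-package | unknown
classify_version() {
    cv_input=$1
    # Distribution builds carry their own fix versions (the page names
    # 2.6.20-0+deb10u6 and 4.0.5-1.fc38), so upstream ranges do not decide.
    case $cv_input in
        *+deb*|*.fc[0-9]*) echo "distro-package"; return 0 ;;
    esac
    # First MAJOR.MINOR.PATCH triple in the string or banner line.
    cv_ver=$(printf '%s\n' "$cv_input" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$cv_ver" ] || { echo "unknown"; return 0; }
    cv_major=${cv_ver%%.*}
    cv_rest=${cv_ver#*.}
    cv_minor=${cv_rest%%.*}
    cv_patch=${cv_rest#*.}
    if [ "$cv_major" -eq 3 ] && [ "$cv_minor" -eq 6 ] && [ "$cv_patch" -le 12 ]; then
        echo "affected"            # 3.6.0 to 3.6.12
    elif [ "$cv_major" -eq 4 ] && [ "$cv_minor" -eq 0 ] && [ "$cv_patch" -le 4 ]; then
        echo "affected"            # 4.0.0 to 4.0.4
    else
        echo "not-in-listed-ranges"
    fi
}

# Constructed sample inputs (banner lines and bare versions).
for sample in \
    "TShark (Wireshark) 4.0.3 (Git v4.0.3)" \
    "3.6.12" "3.6.13" "4.0.5" \
    "2.6.20-0+deb10u6" "4.0.5-1.fc38"
do
    printf '%-40s %s\n' "$sample" "$(classify_version "$sample")"
done

# On a real host, feed in the first line of the installed tool's banner.
if command -v tshark >/dev/null 2>&1; then
    classify_version "$(tshark --version 2>/dev/null | head -n 1)"
fi
```

A `distro-package` result means the installed package version should be compared with the fixed package version your distribution lists, since the upstream ranges do not apply to it.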

Is CVE-2023-1994 in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1994 vulnerability is not listed in CISA's Known Exploited Vulnerabilities Catalog. This medium-severity issue, known as a GQUIC dissector crash in Wireshark, can lead to denial of service attacks through packet injection or a crafted capture file. It's important to update your Wireshark software to the latest version to mitigate this vulnerability and maintain your system's security.

Weakness enumeration

CVE-2023-1994 is classified as CWE-400, uncontrolled resource consumption, which here causes a GQUIC dissector crash in Wireshark and allows denial of service attacks.

For more details

CVE-2023-1994 is a medium-severity vulnerability affecting Wireshark, with potential denial of service attacks through packet injection or crafted capture files. To ensure your system's security, it's crucial to update your software to the latest version. For a comprehensive understanding of this vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
