CVE-2023-1161 : ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to

ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file

Published 2023-03-06 21:15:11

Updated 2025-03-05 21:15:16

Source GitLab Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-1161

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 12.0
cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark
Versions from including (>=) 4.0.0 and before (<) 4.0.4
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark
Versions from including (>=) 3.6.0 and before (<) 3.6.12
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-1161

EPSS FAQ

0.14%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 31 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-1161

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	2.8	3.4	GitLab Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H	2.8	4.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: Low Availability: High

CWE ids for CVE-2023-1161

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2023-1161

https://www.debian.org/security/2023/dsa-5429

Debian -- Security Information -- DSA-5429-1 wireshark
Third Party Advisory

CVEs referencing this url
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1161.json

2023/CVE-2023-1161.json · master · GitLab.org / cves · GitLab
Third Party Advisory
https://www.wireshark.org/security/wnpa-sec-2023-08.html

Wireshark • wnpa-sec-2023-08 ISO 15765 and ISO 10681 dissector crash
Vendor Advisory
https://security.gentoo.org/glsa/202309-02

Wireshark: Multiple Vulnerabilities (GLSA 202309-02) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://gitlab.com/wireshark/wireshark/-/issues/18839

ISO15765 and ISO10681 dissectors corrupt memory and Wireshark may crash (#18839) · Issues · Wireshark Foundation / wireshark · GitLab
Issue Tracking;Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/04/msg00029.html

[SECURITY] [DLA 3402-1] wireshark security update
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2023-1161

Products affected by CVE-2023-1161

Exploit prediction scoring system (EPSS) score for CVE-2023-1161

CVSS scores for CVE-2023-1161

CWE ids for CVE-2023-1161

References for CVE-2023-1161