Bug 2250148 (CVE-2023-6174)

Summary: CVE-2023-6174 wireshark: SSH dissector invalid read of memory blocks
Product: [Other] Security Response
Reporter: Pedro Sampaio <psampaio>
Component: vulnerability
Assignee: Product Security <prodsec-ir-bot>
Status: NEW
Severity: low
Priority: low
Version: unspecified
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: wireshark 4.0.11
Doc Type: If docs needed, set a value
Doc Text:
An invalid memory block read was found in Wireshark's SSH dissector. This issue may lead to an application crash and denial of service via packet injection or crafted capture file.
Bug Depends On: 2250154    
Bug Blocks: 2250156    

Description Pedro Sampaio 2023-11-16 18:45:32 UTC
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file.

References:

https://www.wireshark.org/security/wnpa-sec-2023-28.html
https://gitlab.com/wireshark/wireshark/-/issues/19369

Comment 1 Pedro Sampaio 2023-11-16 19:06:35 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2250154]