Bug 2250148 (CVE-2023-6174) - CVE-2023-6174 wireshark: SSH dissector invalid read of memory blocks
Summary: CVE-2023-6174 wireshark: SSH dissector invalid read of memory blocks
Status: NEW
Alias: CVE-2023-6174
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Product Security
Depends On: 2250154
Blocks: 2250156
Reported: 2023-11-16 18:45 UTC by Pedro Sampaio
Modified: 2023-11-17 05:16 UTC

Fixed In Version: wireshark 4.0.11
Doc Text:
An invalid memory block read was found in Wireshark's SSH dissector. This issue may lead to an application crash and denial of service via packet injection or crafted capture file.


Description Pedro Sampaio 2023-11-16 18:45:32 UTC
SSH dissector crash in Wireshark 4.0.0 to 4.0.10 allows denial of service via packet injection or crafted capture file.

References:

https://www.wireshark.org/security/wnpa-sec-2023-28.html
https://gitlab.com/wireshark/wireshark/-/issues/19369

Comment 1 Pedro Sampaio 2023-11-16 19:06:35 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2250154]

