Amazon Linux AMI update for wireshark

1) Resource exhaustion

EUVDB-ID: #VU70041

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4344

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the Kafka dissector. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Infinite loop

EUVDB-ID: #VU70040

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-4345

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, OpenFlow, and Kafka protocol dissectors. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Infinite loop

EUVDB-ID: #VU71337

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0411

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the BPv6, NCP, and RTPS dissectors. A remote attacker can consume all available CPU resources and cause denial of service conditions.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU71335

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0412

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the TIPC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU71340

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0413

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the conversation tracking module in Dissection engine. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU71342

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0414

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the EAP dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU71338

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0415

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the iSCSI dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU71339

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0416

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the GNW dissector. A remote attacker can pass specially crafted traffic to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Memory leak

EUVDB-ID: #VU71341

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0417

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the NFS dissector. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.3-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.3-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.3-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.3-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-120.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	9
CVE-ID	CVE-2022-4344 CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 CVE-2023-0413 CVE-2023-0414 CVE-2023-0415 CVE-2023-0416 CVE-2023-0417
CWE-ID	CWE-400 CWE-835 CWE-20 CWE-401
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Amazon Linux AMI Operating systems & Components / Operating system wireshark Operating systems & Components / Operating system package or component
Vendor	Amazon Web Services