Amazon Linux AMI update for wireshark

1) Input validation error

EUVDB-ID: #VU76496

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0666

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the RTPS dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU76497

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-0668

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the IEEE C37.118 Synchrophasor dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU76495

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2854

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in BLF file parser. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU76490

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2855

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Candump log file parser. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU76494

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2856

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in VMS TCPIPtrace file parser. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Input validation error

EUVDB-ID: #VU76491

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2857

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in BLF file parser. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU76493

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2858

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in NetScaler file parser. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

EUVDB-ID: #VU76492

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2879

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the GDSDB dissector. A remote attacker can pass specially crafted input to the application, consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Infinite loop

EUVDB-ID: #VU76498

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2023-2952

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within the XRA dissector. A remote attacker can pass specially crafted input to the application, consume all available system resources and cause denial of service conditions.

Mitigation

Update the affected packages:

aarch64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.6-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.6-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.6-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.6-1.amzn2023.0.1.x86_64

Vulnerable software versions

Amazon Linux AMI: All versions

wireshark: All versions

CPE2.3

External links

https://alas.aws.amazon.com/AL2023/ALAS-2023-197.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Risk	Medium
Patch available	YES
Number of vulnerabilities	9
CVE-ID	CVE-2023-0666 CVE-2023-0668 CVE-2023-2854 CVE-2023-2855 CVE-2023-2856 CVE-2023-2857 CVE-2023-2858 CVE-2023-2879 CVE-2023-2952
CWE-ID	CWE-20 CWE-835
Exploitation vector	Network
Public exploit	N/A
Vulnerable software	Amazon Linux AMI Operating systems & Components / Operating system wireshark Operating systems & Components / Operating system package or component
Vendor	Amazon Web Services