CVE-2023-3648

EPSS 0.02%
Veröffentlicht 14.07.2023 07:15:08
Zuletzt bearbeitet 03.11.2025 22:16:25
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Mismatched Memory Management Routines in Wireshark

Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture file

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 3.6.0 <= 3.6.14

Wireshark ≫ Wireshark Version >= 4.0.0 <= 4.0.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.058

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.5	1.8	3.6	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cve@gitlab.com	5.3	1.8	3.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-762 Mismatched Memory Management Routines

The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

https://gitlab.com/wireshark/wireshark/-/issues/19105

Vendor Advisory

https://www.wireshark.org/security/wnpa-sec-2023-21.html

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html

https://nvd.nist.gov/vuln/detail/CVE-2023-3648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-3648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-3648

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2023-3648