CVE Details for CVE: CVE-2023-0666
Summary
Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.
Timestamps
Last major update 20-10-2023 - 20:53
Published 07-06-2023 - 03:15
Last modified 20-10-2023 - 20:53
Vulnerable Configurations
  • cpe:2.3:a:wireshark:wireshark:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:wireshark:wireshark:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*
CAPEC
CWE
CVSS
Base: None
CVSS3
Base: 6.5
Impact: 3.6
Exploitability: 2.8
Access
  • Attack Complexity: LOW
  • Attack Vector: NETWORK
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • User Interaction: REQUIRED
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: HIGH
VIA4 references
cvss3-vector via4
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H