Hack infosec guys infected packet capture file exploiting flaws in the software Wireshark


Wireshark is a network packet analyzer that is both open-source and free, and it is used by people all over the globe. When it comes to packet analysis, it may be used in a variety of different ways. The initial version of Wireshark was distributed under the name “Ethreal” by Gerald Combs in the latter half of 1997. The most recent version of Wireshark is 4.0.6, which is compatible with the release that just occurred. Wireshark has reported, however, that the official 32-bit Windows binaries are no longer sent to customers.

Wireshark has addressed a number of security issues in this latest version, Wireshark has addressed 9 previously discovered security flaws. Along with the fixing of these flaws and addressing of these vulnerabilities, Wireshark has also extended support for several protocols. 

Stack buffer overflow in the candump_write_packet function, identified as CVE-2023-2855
An adversary may take advantage of this vulnerability by transmitting a payload file that has been carefully designed. This file, when opened by Wireshark, has the potential to cause the program to crash and may even result in code execution.

Heap buffer overflow vulnerability in the BLF reader, also known as CVE-2023-2857
The blf_pull_logcontainer_into_memory() method is susceptible to attack if a maliciously designed BLF file is sent to the target. An attacker may exploit this issue by submitting the file. Because of this, arbitrary code might end up being executed.

The GDSDB dissector’s never-ending loop
This vulnerability may be exploited by an attacker by delivering a malicious packet, which results in Wireshark using an excessive amount of its CPU resources.

Heap buffer overflow was discovered in nstrace_read_v10  also known as CVE-2023-2858
This vulnerability may be exploited by an attacker by submitting a malicious packet file that either results in a denial of service for Wireshark and causes the program to crash or runs arbitrary code.

Stack buffer overflow in the parse_vms_packet function, also known as CVE-2023-2856
The vulnerability may be exploited by a threat actor by having them transmit a malicious file to Wireshark. This file will then be read by the parse_vms_packet function, which will then cause Wireshark to crash. As an alternative, it may potentially lead to the production of arbitrary code.

Heap Buffer Overflow in blf_read_apptextmessage, also known as CVE-2023-2854
This vulnerability is present in the blf_read_apptextmessage function of the Wireshark BLF plugin. It is possible to exploit this vulnerability by submitting a string that has been specially designed, which will result in the execution of arbitrary code.

RTPS parsing buffer overflow, also known as CVE-2023-0666
In Wireshark versions 4.0.5 and earlier, the RTPS (Real-Time Publish-Subscribe) packet does not check the length in the rtps_util_add_type_library_type function. The vulnerability may be exploited by an attacker by having them transmit a huge file to the function in question, which will result in a heap buffer overflow and may also result in the execution of code.

CVE-2023-0668 is an overflow vulnerability in the IEEE C37.118 parsing buffer.
An out-of-bounds read capability exists in the global buffer known as conf_phasor_type. This capability does not check the length of the IEEE-C37.118 packet that is being transmitted by an attacker, which results in a heap-based buffer overflow and may lead to arbitrary code execution.

EHA XRA dissector endless loop
This vulnerability may be exploited by an attacker by delivering a malicious packet that, when received by Wireshark, can result in the program crashing.



Source link