===================================================================                                CERT-Renater

                     Note d'Information No. 2023/VULN160

_____________________________________________________________________

DATE                : 14/04/2023

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Wireshark versions prior to 4.0.5,
                                           3.6.13.

====================================================================https://www.wireshark.org/security/wnpa-sec-2023-11.html
_____________________________________________________________________

wnpa-sec-2023-11 · GQUIC dissector crash


Summary

Name: GQUIC dissector crash

Docid: wnpa-sec-2023-11

Date: April 12, 2023

Affected versions: 4.0.0 to 4.0.4, 3.6.0 to 3.6.12

Fixed versions: 4.0.5, 3.6.13

References:

Wireshark issue 18947.
CVE-2023-1994.


Details

Description

The GQUIC dissector could crash.


Impact

It may be possible to make Wireshark crash by injecting a
malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.


Resolution

Upgrade to Wireshark 4.0.5, 3.6.13 or later.


========================================================+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=======================================================