CVE-2023-0667

MEDIUM

Wireshark < 4.0.6 - Out-of-Bounds Write

Title source: rule

Description

Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark

References (4)

Core 4

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html

Third Party Advisory

https://security.gentoo.org/glsa/202309-02

Exploit, Third Party Advisory third-party-advisory

https://takeonme.org/cves/CVE-2023-0667.html

Exploit, Issue Tracking issue-tracking

https://gitlab.com/wireshark/wireshark/-/issues/19086

Scores

CVSS v3 6.5

EPSS 0.0023

EPSS Percentile 45.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-122 CWE-787

Status published

Products (1)

wireshark/wireshark 4.0.0 - 4.0.6

Published Jun 07, 2023

Tracked Since Feb 18, 2026