CNVD-2024-39273 — Vulnetix

CNVD-2024-39273 PUBLISHED CVSS 5.300000190734863 MEDIUM

Wireshark（前称Ethereal）是导线鲨鱼（Wireshark）团队的一套网络数据包分析软件。该软件的功能是截取网络数据包，并显示出详细的数据以供分析。 Wireshark存在安全漏洞，该漏洞源于BLF文件解析器崩溃，攻击者可利用该漏洞通过精心制作的捕获文件导致拒绝服务。

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Wireshark Foundation	Wireshark	>=3.6.0, <3.6.14, *

Exploit Intelligence

CIRCL seen: CVE-2023-2854 (circl-sighting)
CIRCL published-proof-of-concept: CVE-2023-2854 (circl-sighting)
https://www.wireshark.org/security/wnpa-sec-2023-17.html (circl)
https://gitlab.com/wireshark/wireshark/-/issues/19084 (circl)
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json (circl)
DSA-5429 (circl)
GLSA-202309-02 (circl)

Timeline

May 26, 2023 CVE Published
May 27, 2023 PoC Published
May 30, 2023 CVE ID Reserved
Jan 15, 2025 PoC Published
May 2, 2026 Distribution Patch
May 2, 2026 Security Advisory
May 2, 2026 Security Advisory

References

https://www.wireshark.org/security/wnpa-sec-2023-17.html url
https://gitlab.com/wireshark/wireshark/-/issues/19084 url
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2854.json url
DSA-5429 vendor-advisory
GLSA-202309-02 vendor-advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›