{
  "threat_severity" : "Moderate",
  "public_date" : "2023-05-18T00:00:00Z",
  "bugzilla" : {
    "description" : "wireshark: RTPS dissector crash",
    "id" : "2210832",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2210832"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-122",
  "details" : [ "Due to a failure to validate the length provided by an attacker-crafted RTPS packet, Wireshark versions 4.0.5 and prior are, by default, susceptible to a heap-based buffer overflow and possibly to code execution in the context of the process running Wireshark.", "A flaw was found in the RTPS dissector of Wireshark. This issue occurs when Wireshark decodes malformed packets from a pcap file or from the network, causing a buffer overflow that results in a denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7015",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "wireshark-1:2.6.2-17.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6469",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "wireshark-1:3.4.10-6.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-0666\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0666" ],
  "name" : "CVE-2023-0666",
  "csaw" : false
}