{
  "threat_severity" : "Moderate",
  "public_date" : "2023-05-11T00:00:00Z",
  "bugzilla" : {
    "description" : "wireshark: Candump log file parser crash",
    "id" : "2210822",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2210822"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file", "A flaw was found in the Candump log file parser of Wireshark. Decoding malformed packets from a pcap file or from the network causes a buffer overflow, which results in a denial of service." ],
  "statement" : "Wireshark as shipped in Red Hat Enterprise Linux 8 is not affected by this vulnerability because the Candump log file parser was introduced in a newer Wireshark version.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6469",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "wireshark-1:3.4.10-6.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-2855\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2855" ],
  "name" : "CVE-2023-2855",
  "csaw" : false
}