{
  "threat_severity" : "Moderate",
  "public_date" : "2023-05-18T00:00:00Z",
  "bugzilla" : {
    "description" : "wireshark: VMS TCPIPtrace file parser crash",
    "id" : "2210824",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2210824"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-121",
  "details" : [ "VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file", "A flaw was found in the VMS TCPIPtrace file parser of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a buffer overflow, resulting in a denial of service." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-11-14T00:00:00Z",
    "advisory" : "RHSA-2023:7015",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "wireshark-1:2.6.2-17.el8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-11-07T00:00:00Z",
    "advisory" : "RHSA-2023:6469",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "wireshark-1:3.4.10-6.el9"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-2856\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2856" ],
  "name" : "CVE-2023-2856",
  "csaw" : false
}