ALAS2023-2023-199

Amazon Linux 2023 Security Advisory: ALAS2023-2023-199
Advisory Released Date: 2023-06-07
Advisory Updated Date: 2025-09-09
Severity: Medium
Issue Overview:

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1992)

LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1993)

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file (CVE-2023-1994)


Affected Packages:

wireshark


Issue Correction:
Run dnf update wireshark --releasever 2023.0.20230607 or dnf update --advisory ALAS2023-2023-199 --releasever 2023.0.20230607 to update your system.
More information on how to update your system can be found on this page: Amazon Linux 2023 documentation

New Packages:
aarch64:
    wireshark-cli-debuginfo-4.0.5-1.amzn2023.0.1.aarch64
    wireshark-cli-4.0.5-1.amzn2023.0.1.aarch64
    wireshark-devel-4.0.5-1.amzn2023.0.1.aarch64
    wireshark-debugsource-4.0.5-1.amzn2023.0.1.aarch64

src:
    wireshark-4.0.5-1.amzn2023.0.1.src

x86_64:
    wireshark-cli-debuginfo-4.0.5-1.amzn2023.0.1.x86_64
    wireshark-cli-4.0.5-1.amzn2023.0.1.x86_64
    wireshark-devel-4.0.5-1.amzn2023.0.1.x86_64
    wireshark-debugsource-4.0.5-1.amzn2023.0.1.x86_64

Changelog:

2025-09-09: CVE-2022-4344 was removed from this advisory.

2025-09-09: CVE-2022-4345 was removed from this advisory.

Additional References

Release Notes:  Amazon Linux 2023 Release Notes

Red Hat: CVE-2023-1992, CVE-2023-1993, CVE-2023-1994

Mitre: CVE-2023-1992, CVE-2023-1993, CVE-2023-1994