CVE-2023-1161: 
Wireshark vulnerability analysis and mitigation

The vulnerability (CVE-2023-1161) affects the ISO 15765 and ISO 10681 dissectors in Wireshark versions 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11. The flaw allows denial of service attacks through packet injection or crafted capture files (NVD, Wireshark Advisory).

The vulnerability stems from memory corruption in the ISO15765 and ISO10681 dissectors. Specifically, in packet-iso15765.c, there is a potential buffer overflow where writing to the frag_id_high array can corrupt memory beyond its bounds. This occurs when processing consecutive segments, particularly with large numbers (e.g., 32) of ISO15765 segments. When the table needs to be resized with wmem_map_grow, the corruption of the previous chunk's position can lead to crashes (GitLab Issue). The vulnerability has a CVSS 3.1 base score of 7.1 (High), with network attack vector, low attack complexity, and no privileges required (Ubuntu CVE).

The primary impact of this vulnerability is denial of service through application crashes. When exploited, the vulnerability can cause Wireshark to crash in version 4.0 or hang in version 3.6, disrupting network analysis capabilities (Wireshark Advisory).

The vulnerability has been fixed in Wireshark versions 4.0.4 and 3.6.12. Users are advised to upgrade to these or later versions to mitigate the risk. Various Linux distributions have also released security updates to address this vulnerability, including Debian and Ubuntu (Debian Security, Wireshark Advisory).