Wiz
Vulnerability DatabaseCVE-2023-1801

CVE-2023-1801
NixOS vulnerability analysis and mitigation

Overview

The SMB protocol decoder in tcpdump version 4.99.3 contains a vulnerability (CVE-2023-1801) that can perform an out-of-bounds write when decoding a crafted network packet. This vulnerability was discovered in early 2023 and affects tcpdump installations prior to version 4.99.4 (Debian Tracker).

Technical details

The vulnerability exists in the SMB protocol decoder functionality of tcpdump. When processing specially crafted network packets, the decoder can perform an out-of-bounds write operation, which could lead to memory corruption. The issue was fixed in tcpdump version 4.99.4 through improved input validation (Debian Tracker).

Impact

An attacker in a privileged network position may be able to execute arbitrary code by exploiting this vulnerability through sending specially crafted network packets (Apple Security).

Mitigation and workarounds

The vulnerability has been fixed in tcpdump version 4.99.4 and later. Users are advised to upgrade to the patched version. For Debian-based systems, fixed versions are available in the sid and trixie releases. The fix was implemented through commits 7578e1c and 03c037b in the tcpdump repository (Debian Tracker).

Additional resources

SourceThis report was generated using AI

Related NixOS vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2025-14330CRITICAL9.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
NoYesDec 09, 2025
CVE-2025-14329HIGH8.8
  • NixOSNixOS
  • cpe:2.3:a:mozilla:firefox_esr
NoYesDec 09, 2025
CVE-2025-14333HIGH8.1
  • NixOSNixOS
  • firefox-esr
NoYesDec 09, 2025
CVE-2025-14332HIGH7.3
  • NixOSNixOS
  • thunderbird
NoYesDec 09, 2025
CVE-2025-14331MEDIUM6.5
  • NixOSNixOS
  • firefox
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo