CVE-2023-2857: 
Wireshark vulnerability analysis and mitigation

BLF file parser crash in Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file. The vulnerability was discovered by Huascar Tejeda and was disclosed on May 24, 2023. The issue affects the Binary Logging Format (BLF) file processing functionality in Wireshark, a widely-used network protocol analyzer (Wireshark Advisory).

The vulnerability occurs in the blfpulllogcontainerintomemory() function in the wiretap/blf.c file. The heap-buffer overflow is triggered by a memcpy operation that attempts to copy 28 bytes into a memory region that is only 15 bytes large. This region was allocated using calloc at wiretap/blf.c:499. The overflow leads to memory corruption, causing the program to crash when it attempts to allocate memory with malloc in wmemstrdupprintf. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) (NVD, Wireshark Issue).

The primary impact of this vulnerability is denial of service. When exploited, it can cause Wireshark to crash when processing a maliciously crafted BLF file. The vulnerability requires user interaction, specifically opening a malformed packet trace file (Wireshark Advisory).

The vulnerability has been fixed in Wireshark versions 4.0.6 and 3.6.14. Users are advised to upgrade to these or later versions to mitigate the risk. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian (version 4.0.6-1~deb12u1) and Gentoo (Debian Advisory, Gentoo Advisory).