CVE-2023-6174: 
Wireshark vulnerability analysis and mitigation

The vulnerability CVE-2023-6174 affects Wireshark versions 4.0.0 to 4.0.10, specifically involving a crash in the SSH dissector component. The vulnerability was discovered in October 2023 and publicly disclosed on November 15, 2023. This security flaw allows denial of service via packet injection or through a crafted capture file (Wireshark Advisory, NVD).

The vulnerability is characterized by an invalid memory block read in Wireshark's SSH dissector, which can lead to application crashes. It has been assigned a CVSS v3.1 base score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The issue involves improper neutralization of special elements and out-of-bounds read vulnerabilities (NVD).

When exploited, this vulnerability can cause Wireshark to crash or consume excessive CPU resources. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity. The crash can be triggered either through malicious packet injection on a network or by opening a specially crafted packet trace file (Wireshark Advisory).

The vulnerability has been fixed in Wireshark version 4.0.11. Users are advised to upgrade to this version or later to mitigate the risk. The fix was released as part of the security advisory WNPA-SEC-2023-28 (Wireshark Advisory, Debian Advisory).