CVE Vulnerability

CVE-2023-0411

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.wireshark.org/security/wnpa-sec-2023-06.html Vendor Advisory
https://gitlab.com/wireshark/wireshark/-/issues/18737 Issue Tracking Patch
https://gitlab.com/wireshark/wireshark/-/issues/18711 Issue Tracking Patch
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/issues/18720 Issue Tracking Patch
https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html
Configurations

Configuration 1

cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Information

Published : 2023-01-26 09:18

Updated : 2023-02-09 12:15

NVD link : CVE-2023-0411

Mitre link : CVE-2023-0411

Products Affected

Wireshark

CWE
CWE-834