CVE-2023-0413Improper Resource Shutdown or Release in Wireshark

CWE-404Improper Resource Shutdown or ReleaseCWE-476NULL Pointer Dereference6 documents6 sources
Severity
6.5MEDIUMNVD
CNA6.3
EPSS
0.1%
top 65.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
WiresharkWireshark Foundation Wireshark
Timeline
PublishedJan 26
Latest updateJan 27

Description

Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 3.4.16-0+deb11u1+3
NVDwireshark/wireshark3.6.03.6.10+1
CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.11, >=4.0.0, <4.0.3+1

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
OSV
CVE-2023-0413: Dissection engine bug in Wireshark 42023-01-26
GHSA
GHSA-mxqm-jmg3-7f88: Dissection engine bug in Wireshark 42023-01-26
CVEList
CVE-2023-0413: Dissection engine bug in Wireshark 42023-01-24

📋Vendor Advisories

2
Red Hat
wireshark: dissection engine crash via conversation tracking module2023-01-27
Debian
CVE-2023-0413: wireshark - Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows...2023
CVE-2023-0413 — Improper Resource Shutdown or Release | cvebase