CVE-2023-1992Uncontrolled Resource Consumption in Wireshark

CWE-400Uncontrolled Resource ConsumptionCWE-20Improper Input ValidationCWE-663Use of a Non-reentrant Function in a Concurrent Context7 documents6 sources
Severity
7.5HIGHNVD
CNA6.3
EPSS
0.3%
top 46.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WiresharkWireshark Foundation WiresharkDebian Linux+1 more
Timeline
PublishedApr 12
Latest updateOct 1

Description

RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDwireshark/wireshark3.6.03.6.13+1
Debianwireshark/wireshark< 3.4.16-0+deb11u1+3
CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.13, >=4.0.0, <4.0.5+1

Also affects: Debian Linux 10.0, 12.0, Fedora 36, 37, 38

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
CVEList
CVE-2023-1992: RPCoRDMA dissector crash in Wireshark 42023-04-12
GHSA
GHSA-j3hh-fx42-vqq9: RPCoRDMA dissector crash in Wireshark 42023-04-12
OSV
CVE-2023-1992: RPCoRDMA dissector crash in Wireshark 42023-04-12

📋Vendor Advisories

3
Red Hat
kernel: scsi: qla2xxx: Use raw_smp_processor_id() instead of smp_processor_id()2025-10-01
Red Hat
wireshark: RPCoRDMA dissector crash2023-04-12
Debian
CVE-2023-1992: wireshark - RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows ...2023
CVE-2023-1992 — Uncontrolled Resource Consumption | cvebase