CVE-2023-1994 — Uncontrolled Resource Consumption in Wireshark

Severity

6.5MEDIUMNVD

CNA6.3

EPSS

0.3%

top 47.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedApr 12

Latest updateApr 13

Description

GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶NVDwireshark/wireshark3.6.0 — 3.6.13+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.13, >=4.0.0, <4.0.5+1

Also affects: Debian Linux 10.0, 12.0, Fedora 36, 37, 38

GHSA

GHSA-737h-r3q7-c58r: GQUIC dissector crash in Wireshark 4↗2023-04-13

▶

CVEList

CVE-2023-1994: GQUIC dissector crash in Wireshark 4↗2023-04-12

▶

OSV

CVE-2023-1994: GQUIC dissector crash in Wireshark 4↗2023-04-12

▶

Red Hat

wireshark: GQUIC dissector crash↗2023-04-12

▶

Debian

CVE-2023-1994: wireshark - GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows den...↗2023

▶