CVE-2023-2879 — Infinite Loop in Wireshark

Severity

7.5HIGHNVD

CNA6.3

EPSS

0.1%

top 70.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 26

Description

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

▶NVDwireshark/wireshark3.6.0 — 3.6.14+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.14, >=4.0.0, <4.0.6+1

Also affects: Debian Linux 10.0, 12.0

CVEList

CVE-2023-2879: GDSDB infinite loop in Wireshark 4↗2023-05-26

▶

GHSA

GHSA-pp5p-jjp7-mh7c: GDSDB infinite loop in Wireshark 4↗2023-05-26

▶

OSV

CVE-2023-2879: GDSDB infinite loop in Wireshark 4↗2023-05-26

▶

Red Hat

wireshark: infinite loop in GDSDB dissector↗2023-05-26

▶

Debian

CVE-2023-2879: wireshark - GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denia...↗2023

▶