CVE-2023-2952 — Infinite Loop in Wireshark

Severity

6.5MEDIUMNVD

CNA5.3

EPSS

0.0%

top 91.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMay 30

Latest updateMay 31

Description

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

▶NVDwireshark/wireshark3.6.0 — 3.6.14+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.14, >=4.0.0, <4.0.6+1

Also affects: Debian Linux 10.0, 12.0

GHSA

GHSA-h2fj-p2f3-rmwc: XRA dissector infinite loop in Wireshark 4↗2023-05-31

▶

OSV

CVE-2023-2952: XRA dissector infinite loop in Wireshark 4↗2023-05-30

▶

CVEList

CVE-2023-2952: XRA dissector infinite loop in Wireshark 4↗2023-05-30

▶

Red Hat

wireshark: XRA dissector infinite loop↗2023-05-23

▶

Debian

CVE-2023-2952: wireshark - XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allo...↗2023

▶