CVE-2023-4513Missing Release of Memory after Effective Lifetime in Foundation Wireshark

CWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.0%
top 94.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Wireshark Foundation WiresharkWireshark
Timeline
PublishedAug 24

Description

BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5wireshark_foundation/wireshark4.0.04.0.8+1
Debianwireshark/wireshark< 3.4.16-0+deb11u1+3
NVDwireshark/wireshark3.6.03.6.15+1

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-m8r8-3226-6wp8: BT SDP dissector memory leak in Wireshark 42023-08-24
OSV
CVE-2023-4513: BT SDP dissector memory leak in Wireshark 42023-08-24
CVEList
Missing Release of Memory after Effective Lifetime in Wireshark2023-08-24

📋Vendor Advisories

2
Red Hat
wireshark: DoS (memory leak) via packet injection or crafted capture file2023-08-24
Debian
CVE-2023-4513: wireshark - BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 all...2023
CVE-2023-4513 — Foundation Wireshark vulnerability | cvebase