Severity
NVD: 6.5 MEDIUM
CNA: 5.3
EPSS
0.1% (top 84.49%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Oct 4
Latest update: Oct 10

Description

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | wireshark/wireshark | 3.6.0 | 3.6.17 | +1
CVEListV5 | wireshark_foundation/wireshark | 4.0.0 | 4.0.9 | +1
Debian | wireshark/wireshark | < 4.0.11-1~deb12u1 | +2

Vulnerability Details (3)

OSV | CVE-2023-5371: RTPS dissector memory leak in Wireshark 4 | 2023-10-04
GHSA | GHSA-j7xf-pgw2-75mr: RTPS dissector memory leak in Wireshark 4 | 2023-10-04
CVEList | Memory Allocation with Excessive Size Value in Wireshark | 2023-10-04

Vendor Advisories (3)

Microsoft | Memory Allocation with Excessive Size Value in Wireshark | 2023-10-10
Red Hat | wireshark: RTPS dissector memory leak | 2023-10-04
Debian | CVE-2023-5371: wireshark - RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allow... | 2023
CVE-2023-5371 — Foundation Wireshark vulnerability | cvebase