CVE-2023-0411

EPSS 0.15%
Veröffentlicht 26.01.2023 21:18:07
Zuletzt bearbeitet 03.11.2025 22:16:02
Quelle cve@gitlab.com
CVE-Watchlists
Login
Unerledigt
Login

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 3.6.0 <= 3.6.10

Wireshark ≫ Wireshark Version >= 4.0.0 <= 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.15%	0.363

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cve@gitlab.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json

Third Party Advisory

https://gitlab.com/wireshark/wireshark/-/issues/18711

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/wireshark/wireshark/-/issues/18720

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/wireshark/wireshark/-/issues/18737

Patch

Third Party Advisory

Issue Tracking

https://www.wireshark.org/security/wnpa-sec-2023-06.html

Vendor Advisory

https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html

https://nvd.nist.gov/vuln/detail/CVE-2023-0411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0411

EUVD