CVE-2023-0411

EPSS 0.04%
Published 26.01.2023 21:18:07
Last modified 01.04.2025 20:15:16
Source cve@gitlab.com
Teams watchlist Login
Open Login

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 3.6.0 <= 3.6.10

Wireshark ≫ Wireshark Version >= 4.0.0 <= 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cve@gitlab.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json

Third Party Advisory

https://gitlab.com/wireshark/wireshark/-/issues/18711

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/wireshark/wireshark/-/issues/18720

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/wireshark/wireshark/-/issues/18737

Patch

Third Party Advisory

Issue Tracking

https://www.wireshark.org/security/wnpa-sec-2023-06.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0411

EUVD