CVE-2023-0411

EPSS 0.04%
Veröffentlicht 26.01.2023 21:18:07
Zuletzt bearbeitet 01.04.2025 20:15:16
Quelle cve@gitlab.com
Teams Watchlist Login
Unerledigt Login

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 3.6.0 <= 3.6.10

Wireshark ≫ Wireshark Version >= 4.0.0 <= 4.0.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cve@gitlab.com	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json

Third Party Advisory

https://gitlab.com/wireshark/wireshark/-/issues/18711

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/wireshark/wireshark/-/issues/18720

Patch

Third Party Advisory

Issue Tracking

https://gitlab.com/wireshark/wireshark/-/issues/18737

Patch

Third Party Advisory

Issue Tracking

https://www.wireshark.org/security/wnpa-sec-2023-06.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-0411

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-0411

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-0411

EUVD