CVE-2023-0411

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

References

Affected packages

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

0cbe09cd796b2ea24c6069b76ea16df7f51cf67b

Fixed

c552f74cdc235956749afb80f6536ca8c9c145d7

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

3a34e44d02c9c91f9f851bd6f29ff4505131b127

Fixed

6529b24d7c782e202b0051d3be8dd07f850e8954

Database specific

{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.11"
        }
    ]
}

Affected versions

v3.*

v3.6.0

v3.6.1

v3.6.10

v3.6.10rc0

v3.6.11rc0

v3.6.1rc0

v3.6.2

v3.6.2rc0

v3.6.3

v3.6.3rc0

v3.6.4

v3.6.4rc0

v3.6.5

v3.6.5rc0

v3.6.6

v3.6.6rc0

v3.6.7

v3.6.7rc0

v3.6.8

v3.6.8rc0

v3.6.9

v3.6.9rc0

v4.*

v4.0.0

v4.0.1

v4.0.1rc0

v4.0.2

v4.0.2rc0

v4.0.3rc0

wireshark-3.*

wireshark-3.6.0

wireshark-3.6.1

wireshark-3.6.10

wireshark-3.6.2

wireshark-3.6.3

wireshark-3.6.4

wireshark-3.6.5

wireshark-3.6.6

wireshark-3.6.7

wireshark-3.6.8

wireshark-3.6.9

wireshark-4.*

wireshark-4.0.0

wireshark-4.0.1

wireshark-4.0.2

Git / github.com/wireshark/wireshark