CVE-2023-2879

Опубликовано: 26 мая 2023

Источник: redhat

CVSS3: 7.5

EPSS Низкий

Описание

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

A vulnerability was found in wireshark. This issue occurs in the GDSDB dissector, and could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	wireshark	Not affected
Red Hat Enterprise Linux 7	wireshark	Not affected
Red Hat Enterprise Linux 8	wireshark	Not affected
Red Hat Enterprise Linux 9	wireshark	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-835

https://bugzilla.redhat.com/show_bug.cgi?id=2210466wireshark: infinite loop in GDSDB dissector

EPSS

Процентиль: 29%

0.00105

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2023-2879

CVSS3: 6.3

ubuntu

больше 2 лет назад

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-2879

CVSS3: 6.3

nvd

больше 2 лет назад

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

CVE-2023-2879

CVSS3: 6.3

debian

больше 2 лет назад

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 al ...

GHSA-pp5p-jjp7-mh7c

CVSS3: 6.3

github

больше 2 лет назад

GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

SUSE-SU-2023:3252-1

suse-cvrf

больше 2 лет назад

Security update for wireshark

EPSS

Процентиль: 29%

0.00105

Низкий

7.5 High

CVSS3