Denial of Service through GDSDB Infinite Loop in Wireshark Software by The Wireshark Team
CVE-2023-2879

7.5HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 26 May 2023

Summary

The GDSDB infinite loop vulnerability found in Wireshark versions 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 can lead to a denial of service condition. This issue arises when an attacker exploits the flaw using either specially crafted packet injections or by providing a malicious capture file. As a result, affected systems may become unresponsive, impacting network monitoring and analysis capabilities. Users are encouraged to update to the latest versions to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Wireshark >=4.0.0, <4.0.6 < 4.0.0, 4.0.6

Wireshark >=3.6.0, <3.6.14 < 3.6.0, 3.6.14

References

https://www.wireshark.org/security/wnpa-sec-2023-14.html

https://gitlab.com/wireshark/wireshark/-/issues/19068

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2023
Vulnerability Reserved
May 25, 2023