Memory Allocation with Excessive Size Value in Wireshark
CVE-2023-5371

6.5MEDIUM

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 4 October 2023

Summary

RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file

Affected Version(s)

Wireshark 4.0.0 < 4.0.9

Wireshark 3.6.0 < 3.6.17

References

https://www.wireshark.org/security/wnpa-sec-2023-27.html

https://gitlab.com/wireshark/wireshark/-/issues/19322

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 4, 2023
Vulnerability Reserved
Oct 4, 2023

.