PT-2023-22298 · Wireshark+6 · Wireshark+6

Publicado

2023-05-23

Atualizado

2025-09-29

CVE-2023-2952

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 3.6.0 through 3.6.13 Wireshark versions 4.0.0 through 4.0.5

Description The issue allows for denial of service via packet injection or crafted capture file. It is related to an infinite loop in the XRA dissector.

Recommendations For Wireshark versions 3.6.0 through 3.6.13, update to a version outside of this range to resolve the issue. For Wireshark versions 4.0.0 through 4.0.5, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the XRA dissector to prevent exploitation until a patch is available.

Exploit

Correção

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALSA-2023:6469

ALSA-2023:7015

ALSA-2023_6469

ALSA-2023_7015

ALSA-2025_16880

ALT-PU-2023-1938

ALT-PU-2023-1971

ALT-PU-2023-1976

ALT-PU-2023-5823

ALT-PU-2023-6556

CESA-2023_7015

CVE-2023-2952

DLA-3443-1

DLA-3906-1

DSA-5429-1

OESA-2023-1373

OESA-2023-1374

OPENSUSE-SU-2023_3252-1

OPENSUSE-SU-2024:12989-1

RHSA-2023:6469

RHSA-2023:7015

RHSA-2023_6469

RHSA-2023_7015

ROSA-SA-2024-2390

SUSE-SU-2023:3252-1

Produtos afetados

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Suse

Wireshark

PT-2023-22298 · Wireshark+6 · Wireshark+6

CVE-2023-2952

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 66