PT-2023-22298 · Wireshark+6 · Wireshark+6

Published

2023-05-23

Updated

2025-09-29

CVE-2023-2952

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 3.6.0 through 3.6.13 Wireshark versions 4.0.0 through 4.0.5

Description The issue allows for denial of service via packet injection or crafted capture file. It is related to an infinite loop in the XRA dissector.

Recommendations For Wireshark versions 3.6.0 through 3.6.13, update to a version outside of this range to resolve the issue. For Wireshark versions 4.0.0 through 4.0.5, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the XRA dissector to prevent exploitation until a patch is available.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALSA-2023:6469

ALSA-2023:7015

ALSA-2023_6469

ALSA-2023_7015

ALSA-2025_16880

ALT-PU-2023-1938

ALT-PU-2023-1971

ALT-PU-2023-1976

ALT-PU-2023-5823

ALT-PU-2023-6556

CESA-2023_7015

CVE-2023-2952

DLA-3443-1

DLA-3906-1

DSA-5429-1

OESA-2023-1373

OESA-2023-1374

OPENSUSE-SU-2023_3252-1

OPENSUSE-SU-2024:12989-1

RHSA-2023:6469

RHSA-2023:7015

RHSA-2023_6469

RHSA-2023_7015

ROSA-SA-2024-2390

SUSE-SU-2023:3252-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Suse

Wireshark

PT-2023-22298 · Wireshark+6 · Wireshark+6

CVE-2023-2952

Weakness Enumeration

Related Identifiers

Affected Products

References · 66