PT-2023-5120 · Wireshark+4 · Wireshark+4

Chenyuan Mi

Published

2023-08-24

Updated

2024-09-30

CVE-2023-4511

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Wireshark versions 3.6.0 through 3.6.15 Wireshark versions 4.0.0 through 4.0.7

Description The issue is related to the BT SDP dissector in Wireshark, which can enter an infinite loop. This can be exploited to cause a denial of service via packet injection or a crafted capture file. The exploitation of this issue may allow a remote attacker to cause a service disruption.

Recommendations For Wireshark versions 3.6.0 through 3.6.15, update to a version outside of this range to resolve the issue. For Wireshark versions 4.0.0 through 4.0.7, update to a version outside of this range to resolve the issue. As a temporary workaround, consider disabling the BT SDP dissector until a patch is available.

Exploit

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2023-5646

ALT-PU-2023-5647

ALT-PU-2023-5648

ALT-PU-2023-5823

ALT-PU-2023-6556

BDU:2023-05711

CVE-2023-4511

DLA-3746-1

DLA-3906-1

DSA-5559-1

MGASA-2023-0275

OESA-2023-1652

OPENSUSE-SU-2024:13184-1

ROSA-SA-2024-2390

SUSE-SU-2023:3778-1

Affected Products

Alt Linux

Astra Linux

Red Os

Suse

Wireshark

PT-2023-5120 · Wireshark+4 · Wireshark+4

CVE-2023-4511

Weakness Enumeration

Related Identifiers

Affected Products

References · 51