PT-2023-6128 · Wireshark+4 · Wireshark+4

Published: 2023-10-04 · Updated: 2024-09-09 · CVE-2023-5371

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Wireshark versions 3.6.0 through 3.6.16
Wireshark versions 4.0.0 through 4.0.8

Description

The issue is related to a memory leak in the RTPS dissector of Wireshark, which can be exploited to cause a denial of service. This can be achieved via packet injection or by using a crafted capture file. The exploitation of this issue may allow a remote attacker to cause a service disruption.

Recommendations

For Wireshark versions 3.6.0 through 3.6.16, update to a version that contains a fix for this issue. For Wireshark versions 4.0.0 through 4.0.8, update to a version that contains a fix for this issue. As a temporary workaround, consider disabling the RTPS dissector until a patch is available.

Exploit

Fix

DoS

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

ALT-PU-2023-7507
ALT-PU-2023-7510
ALT-PU-2024-1683
ALT-PU-2024-6423
AZL-31120
AZL-37056
BDU:2023-06834
CVE-2023-5371
DSA-5559-1
MGASA-2024-0045
OESA-2023-1706
OPENSUSE-SU-2024:13310-1
OPENSUSE-SU-2024_3165-1
ROSA-SA-2024-2390
SUSE-SU-2023:4083-1
SUSE-SU-2023_4083-1
SUSE-SU-2024:3165-1

Affected Products

Alt Linux
Astra Linux
RED OS
SUSE
Wireshark