CVE-2023-2952

Summary

XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file

Affected Software

VendorProductVersion RangeStatus
Wireshark FoundationWireshark>=4.0.0, <4.0.6affected
Wireshark FoundationWireshark>=3.6.0, <3.6.14affected

Weaknesses

  • Loop with unreachable exit condition ('infinite loop') in Wireshark

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References