VDB
CNVD-2023-62288
PUBLISHED
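CVSS 5.3 MEDIUM
Wireshark (formerly Ethereal) is a network packet analysis program from the Wireshark team. It captures network packets and displays their detailed data for analysis. Wireshark contains a denial-of-service vulnerability that stems from improper handling of malformed input messages; an attacker can exploit it via packet injection or a crafted capture file to cause an infinite loop in the XRA dissector.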
Risk Scores
CVSS v3.1
5.3
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Wireshark Foundation | Wireshark | >=4.0.0, <4.0.6, * |
Timeline
- May 24, 2023 CVE Published
- May 3, 2026 Distribution Patch
- May 3, 2026 Security Advisory
- May 3, 2026 Security Advisory
References
- https://www.wireshark.org/security/wnpa-sec-2023-20.html url
- https://gitlab.com/wireshark/wireshark/-/issues/19100 url
- https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2952.json url
- [debian-lts-announce] 20230603 [SECURITY] [DLA 3443-1] wireshark security update mailing-list
- DSA-5429 vendor-advisory
- GLSA-202309-02 vendor-advisory
- https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html url