Headline
CVE-2023-1993: Wireshark • wnpa-sec-2023-10 LISP dissector large loop
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
Summary
Name: LISP dissector large loop
Docid: wnpa-sec-2023-10
Date: April 12, 2023
Affected versions: 4.0.0 to 4.0.4, 3.6.0 to 3.6.12
Fixed versions: 4.0.5, 3.6.13
References:
Wireshark issue 18900.
CVE-2023-1993.
Details
Description
The LISP dissector could go into a large loop.
Impact
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.0.5, 3.6.13 or later.
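To check a host or a package inventory against the version ranges above, the following shell sketch classifies a version string. It is an added example, not part of the Wireshark advisory. The function names `extract_version` and `lisp_loop_status` are hypothetical, and the sample banners are constructed on the assumption that the first line of `tshark --version` contains the version as x.y.z.

```shell
#!/bin/sh
# Added example: classify Wireshark versions against wnpa-sec-2023-10.
# Affected: 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12. Fixed: 4.0.5 and 3.6.13.

# Pull the first x.y.z version number out of a version banner line.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print affected, fixed, not-listed (branch not named in the advisory)
# or unknown (input is not a dotted numeric version).
lisp_loop_status() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver          # split on dots into major, minor, patch
    IFS=$old_ifs
    if [ -z "$1" ] || [ -z "$2" ] || [ -z "$3" ]; then
        echo unknown; return 0
    fi
    case "$1.$2" in
        4.0) first_fixed=5 ;;
        3.6) first_fixed=13 ;;
        *) echo not-listed; return 0 ;;
    esac
    if [ "$3" -lt "$first_fixed" ]; then echo affected; else echo fixed; fi
}

# Constructed sample banners (assumed shape of `tshark --version` line 1).
while IFS= read -r banner; do
    v=$(extract_version "$banner")
    printf '%-10s %s\n' "${v:-?}" "$(lisp_loop_status "$v")"
done <<'EOF'
TShark (Wireshark) 4.0.4 (Git v4.0.4 packaged as 4.0.4-1)
TShark (Wireshark) 4.0.5 (Git v4.0.5 packaged as 4.0.5-1)
TShark (Wireshark) 3.6.12 (Git v3.6.12 packaged as 3.6.12-1)
TShark (Wireshark) 3.4.9 (Git v3.4.9 packaged as 3.4.9-1)
EOF
```

A result of `not-listed` means only that the advisory gives no range for that release branch; it is not a statement that the branch is unaffected.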
Related news
Gentoo Linux Security Advisory 202309-2 - Multiple vulnerabilities have been found in Wireshark, the worst of which could result in denial of service. Versions greater than or equal to 4.0.6 are affected.
Debian Linux Security Advisory 5429-1 - Multiple vulnerabilities have been discovered in Wireshark, a network protocol analyzer which could result in denial of service or the execution of arbitrary code.