Wireshark LISP Dissector DoS 3.6.0-3.6.12 & 4.0.0-4.0.4
CVE-2023-1993 Published on April 12, 2023
LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file
Vulnerability Analysis
CVE-2023-1993 can be exploited with network access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.
Weakness Type
Excessive Iteration
The software performs an iteration or loop without sufficiently limiting the number of times that the loop is executed. If the iteration can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory. In many cases, a loop does not need to be infinite in order to cause enough resource consumption to adversely affect the software or its host system; it depends on the amount of resources consumed per iteration.
Products Associated with CVE-2023-1993
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-1993 are published in these products:
Affected Versions
Wireshark Foundation Wireshark:- Version >=4.0.0, <4.0.5 is affected.
- Version >=3.6.0, <3.6.13 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.