Wireshark 4.0.0-4.0.6 CBOR DoS via crafted capture
CVE-2023-4512 Published on August 24, 2023

Uncontrolled Recursion in Wireshark
CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file

NVD

Vulnerability Analysis

CVE-2023-4512 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. Public availability of a proof of concept (POC) exploit exists for CVE-2023-4512. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
LOW

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2023-4512 has been classified to as a Stack Exhaustion vulnerability or weakness.


Products Associated with CVE-2023-4512

Want to know whenever a new CVE is published for Wireshark? stack.watch will email you.

Wireshark
 

Affected Versions

Wireshark Foundation Wireshark:

Exploit Probability

EPSS
0.04%
Percentile
13.67%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.