Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.
[
{
"defaultStatus": "unaffected",
"product": "Wireshark",
"vendor": "Wireshark Foundation",
"versions": [
{
"lessThanOrEqual": "4.0.7",
"status": "affected",
"version": "2.0.0",
"versionType": "semver"
}
]
}
]
gitlab.com/wireshark/wireshark/-/issues/19229
lists.fedoraproject.org/archives/list/[email protected]/message/6HCUPLDY7HLPO46PHMGIJSUBJFTT237C/
lists.fedoraproject.org/archives/list/[email protected]/message/L4AVRUYSHDNEAJILVSGY5W6MPOMG2YRF/
lists.fedoraproject.org/archives/list/[email protected]/message/TRKHFQPWFU7F3OXTL6IEIQSJG6FVXZTZ/
takeonme.org/cves/CVE-2023-2906.html