CVE-2023-4511

2023-08-2407:15:12

Google

osv.dev

bt sdp dissector

wireshark 4.0

denial of service

packet injection

crafted capture file

software

cve-2023-4511

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.8%

JSON

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

CPENameOperatorVersion
wiresharkeq3.6.10
wiresharkeq3.6.7rc0
wiresharkeqwireshark-3.6.4
wiresharkeq3.6.2rc0
wiresharkeq3.6.15
wiresharkeq3.6.9
wiresharkeq3.6.4rc0
wiresharkeq3.6.5
wiresharkeqwireshark-3.6.3
wiresharkeq3.6.13rc0

Name	Operator	Version
wireshark	eq	3.6.10
wireshark	eq	3.6.7rc0
wireshark	eq	wireshark-3.6.4
wireshark	eq	3.6.2rc0
wireshark	eq	3.6.15
wireshark	eq	3.6.9
wireshark	eq	3.6.4rc0
wireshark	eq	3.6.5
wireshark	eq	wireshark-3.6.3
wireshark	eq	3.6.13rc0