2165825 – (CVE-2023-0411) CVE-2023-0411 wireshark: Multiple dissector excessive loops

Bug 2165825 (CVE-2023-0411) - CVE-2023-0411 wireshark: Multiple dissector excessive loops

Summary: CVE-2023-0411 wireshark: Multiple dissector excessive loops

Keywords:
Status:	NEW
Alias:	CVE-2023-0411
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nobody
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2168676 2168956 2169833
Blocks:	2165003
TreeView+	depends on / blocked

Reported:	2023-01-31 08:46 UTC by TEJ RATHI
Modified:	2023-07-07 08:34 UTC (History)
CC List:	2 users (show)
Fixed In Version:	wireshark 4.0.3, wireshark 3.6.11
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the BPv6, NCP, and RTPS dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing excessive consumption of CPU resources due to excessive loops, resulting in a Denial of Service.
Clone Of:
Environment:
Last Closed:	2023-02-15 15:05:24 UTC
Embargoed:

Attachments	(Terms of Use)

Description TEJ RATHI 2023-01-31 08:46:40 UTC

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file.

References:
https://www.wireshark.org/security/wnpa-sec-2023-06.html
https://gitlab.com/wireshark/wireshark/-/issues/18711
https://gitlab.com/wireshark/wireshark/-/issues/18720
https://gitlab.com/wireshark/wireshark/-/issues/18737
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json

Comment 1 Guilherme de Almeida Suckevicz 2023-02-09 17:58:42 UTC

Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2168676]

Comment 4 Michal Ruprich 2023-02-15 15:05:24 UTC

Current version of wireshark in RHEL8 is 2.6.2 which means that bpv6 dissector is not part of our code base(added in later versions), the part of affected code for RTPS is also not present. As for NCP, I was not able to make wireshark crash with any of the provided .pcap files. I am closing this CVE. Feel free to reopen should you hit this or should you feel that this needs fixing in RHEL8.

Comment 5 Michal Ruprich 2023-02-15 15:07:49 UTC

Sorry, I meant to close the CVE bug for my component but closed the one for Security Response. Reopening.

Note You need to log in before you can comment on or make changes to this bug.