Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 allow denial of service via packet injection or a crafted capture file.

References:
https://www.wireshark.org/security/wnpa-sec-2023-06.html
https://gitlab.com/wireshark/wireshark/-/issues/18711
https://gitlab.com/wireshark/wireshark/-/issues/18720
https://gitlab.com/wireshark/wireshark/-/issues/18737
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0411.json
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2168676]
The current version of wireshark in RHEL8 is 2.6.2, which means that the bpv6 dissector is not part of our code base (it was added in later versions); the affected part of the code for RTPS is also not present. As for NCP, I was not able to make wireshark crash with any of the provided .pcap files. I am closing this CVE. Feel free to reopen should you hit this or should you feel that this needs fixing in RHEL8.
Sorry, I meant to close the CVE bug for my component but closed the one for Security Response. Reopening.