CVE-2023-0414 : Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

Published 2023-01-26 21:18:08

Updated 2025-04-02 16:15:31

Source GitLab Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2023-0414

Wireshark » Wireshark
Versions from including (>=) 4.0.0 and up to, including, (<=) 4.0.2
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.05%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 12 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	2.8	3.4	GitLab Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
6.5	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	2.8	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

https://gitlab.com/wireshark/wireshark/-/issues/18622

Fuzz job crash output: fuzz-2022-11-11-7078.pcap (#18622) · Issues · Wireshark Foundation / wireshark · GitLab
Issue Tracking;Patch;Third Party Advisory
https://www.wireshark.org/security/wnpa-sec-2023-01.html

Wireshark · wnpa-sec-2023-01 · EAP dissector crash
Vendor Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0414.json

2023/CVE-2023-0414.json · master · GitLab.org / cves · GitLab
Third Party Advisory

Jump to