{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-0413", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2025-11-03T21:46:54.535Z", "dateReserved": "2023-01-20T00:00:00.000Z", "datePublished": "2023-01-24T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-02-08T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": ">=4.0.0, <4.0.3", "status": "affected"}, {"version": ">=3.6.0, <3.6.11", "status": "affected"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18766"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json"}, {"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Null pointer dereference in Wireshark"}]}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18766", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:46:54.535Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-02T15:14:27.072686Z", "id": "CVE-2023-0413", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T15:14:30.463Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18766", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html", "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": ["mailing-list", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:46:54.535Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-0413", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-02T15:14:27.072686Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "CWE-404 Improper Resource Shutdown or Release"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-02T15:14:21.716Z"}}], "cna": {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": ">=4.0.0, <4.0.3"}, {"status": "affected", "version": ">=3.6.0, <3.6.11"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18766"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html", "name": "[debian-lts-announce] 20230208 [SECURITY] [DLA 3313-1] wireshark security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Null pointer dereference in Wireshark"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2023-02-08T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2023-0413", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:46:54.535Z", "dateReserved": "2023-01-20T00:00:00.000Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2023-01-24T00:00:00.000Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "211ACC10-0127-4F5F-A124-CC3563923D1B", "versionEndIncluding": "3.6.10", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "FD6DA49A-D5CB-4528-B23F-32E3F8F00A33", "versionEndIncluding": "4.0.2", "versionStartIncluding": "4.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "Error del motor de disecci\u00f3n en Wireshark 4.0.0 a 4.0.2 y 3.6.0 a 3.6.10 y permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado."}], "id": "CVE-2023-0413", "lastModified": "2025-11-03T22:16:02.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-01-26T21:18:07.847", "references": [{"source": "cve@gitlab.com", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json"}, {"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766"}, {"source": "cve@gitlab.com", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0413.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18766"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2023-03.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-404"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "wireshark: dissection engine crash via conversation tracking module", "id": "2165842", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2165842"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file", "A flaw was found in the conversation tracking module of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a crash and resulting in a Denial of Service."], "name": "CVE-2023-0413", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-0413\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0413"], "threat_severity": "Moderate"}