vulnerability
Amazon Linux 2023: CVE-2023-4511: Medium priority package update for wireshark
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Aug 24, 2023 | Feb 17, 2025 | Jul 4, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Aug 24, 2023
Added
Feb 17, 2025
Modified
Jul 4, 2025
Description
BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
A denial of service vulnerability was found in Wireshark due to an infinite loop in the Bluetooth (BT) SDP dissector. Exploiting this flaw involves injecting a malformed packet onto the wire or enticing a victim to read a corrupted packet trace file, resulting in a crash of the BT SDP dissector. This issue may allow a remote attacker to perform a DoS attack by consuming all available system resources, leading to excessive CPU resource consumption.
A denial of service vulnerability was found in Wireshark due to an infinite loop in the Bluetooth (BT) SDP dissector. Exploiting this flaw involves injecting a malformed packet onto the wire or enticing a victim to read a corrupted packet trace file, resulting in a crash of the BT SDP dissector. This issue may allow a remote attacker to perform a DoS attack by consuming all available system resources, leading to excessive CPU resource consumption.
Solutions
amazon-linux-2023-upgrade-wireshark-cliamazon-linux-2023-upgrade-wireshark-cli-debuginfoamazon-linux-2023-upgrade-wireshark-debugsourceamazon-linux-2023-upgrade-wireshark-devel
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.