CVE-2023-1993 Report - Details, Severity, & Advisories

Twingate Team

Jun 6, 2024

What is CVE-2023-1993?

CVE-2023-1993 is a medium-severity vulnerability affecting Wireshark, a popular network traffic analyzer. It allows for denial-of-service attacks through packet injection or crafted capture files, potentially disrupting systems running the affected versions of Wireshark. Users are advised to update their software to mitigate the risk posed by this vulnerability.

Who is impacted by this?

This issue specifically impacts Wireshark versions 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12. The vulnerability is a large loop in the LISP dissector, which can be triggered through packet injection or a crafted capture file and leads to denial of service. Anyone running an affected version of Wireshark, including Fedora users who have the Wireshark network traffic analyzer installed, should be aware of this vulnerability.

What should I do if I’m affected?

If you're affected by the CVE-2023-1993 vulnerability, it's important to take action to protect your system. Here's what you should do:

  1. Update Wireshark to the latest version, as recommended by the Debian security update and Fedora update.

  2. Regularly check for software updates and apply them as needed.

  3. Be cautious when opening capture files from untrusted sources.
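The version check behind step 1 can be scripted. The following is an added example, not code from Wireshark or from this page's authors: it classifies a `tshark --version` banner against the affected ranges listed above. The function names and the sample banners are assumptions constructed for illustration.

```python
import re
import shutil
import subprocess

# Affected ranges as stated on this page (inclusive on both ends).
AFFECTED = [((4, 0, 0), (4, 0, 4)), ((3, 6, 0), (3, 6, 12))]
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """True if the version tuple lies in a range this page lists as affected."""
    return any(lo <= version <= hi for lo, hi in AFFECTED)


def check_banner(banner):
    """Classify one banner line: 'affected', 'not listed' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    return "affected" if is_affected(version) else "not listed"


def installed_banner():
    """First line of `tshark --version`, or None if tshark is not on PATH."""
    exe = shutil.which("tshark")
    if exe is None:
        return None
    out = subprocess.run([exe, "--version"], capture_output=True, text=True, timeout=10)
    return out.stdout.splitlines()[0] if out.stdout else None


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "TShark (Wireshark) 4.0.4 (Git v4.0.4 packaged as 4.0.4-1)",
    "TShark (Wireshark) 4.0.5 (Git v4.0.5 packaged as 4.0.5-1)",
    "TShark (Wireshark) 3.6.12 (Git v3.6.12 packaged as 3.6.12-1)",
    "TShark (Wireshark) 3.4.9 (Git v3.4.9 packaged as 3.4.9-1)",
]

if __name__ == "__main__":
    for line in SAMPLES + [installed_banner() or "tshark not found"]:
        print(f"{check_banner(line):10} {line}")
```

A distribution package can carry a backported fix under an unchanged upstream version number, so treat an "affected" result as a prompt to check the distribution's own advisory rather than as a final verdict.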

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2023-1993 vulnerability, also known as the LISP dissector large loop in Wireshark, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the National Vulnerability Database on April 12, 2023.

Weakness Enumeration

This vulnerability is classified as CWE-834 (Excessive Iteration): the loop in Wireshark's LISP dissector can run for an excessive number of iterations.

Learn More

For more information about the CVE-2023-1993 vulnerability, including its description, severity, technical details, and known affected software configurations, visit the NVD page or the links below.
