CVE-2023-4511 in Wiresharkinfo

Summary

by MITRE • 08/24/2023

BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 05/07/2026

The vulnerability identified as CVE-2023-4511 represents a critical denial of service flaw within Wireshark's Bluetooth Service Discovery Protocol dissector. This issue affects multiple versions of the popular network protocol analyzer, specifically targeting releases from 4.0.0 through 4.0.7 and 3.6.0 through 3.6.15. The flaw manifests as an infinite loop during packet processing, which can be triggered by either injecting malicious packets into a network stream or by opening a specially crafted capture file. The technical nature of this vulnerability stems from inadequate input validation within the Bluetooth SDP dissector component, which fails to properly handle malformed or unexpected packet structures during the parsing process.

The operational impact of this vulnerability extends beyond simple service disruption, as it can be exploited by remote attackers to cause complete application hangs or crashes. When a vulnerable Wireshark instance processes a maliciously crafted Bluetooth SDP packet, the dissector enters an infinite loop that consumes excessive CPU resources and prevents the application from processing any additional packets. This behavior aligns with CWE-835, which categorizes infinite loops or iterations as a common weakness in software design that can lead to denial of service conditions. The vulnerability's exploitability is particularly concerning given Wireshark's widespread use in network forensics, security testing, and network troubleshooting environments where analysts frequently open capture files from unknown sources.

From an adversary perspective, this vulnerability maps directly to ATT&CK technique T1499.004, which involves network disruption through resource exhaustion, and T1566.001, which encompasses social engineering via spearphishing attachments. Attackers can craft malicious capture files containing malformed Bluetooth SDP packets that, when opened by an unsuspecting user, will trigger the infinite loop condition. The vulnerability also demonstrates characteristics consistent with ATT&CK technique T1059.007, where adversaries leverage application execution flaws to cause system instability. The fact that this vulnerability affects both live packet injection and file-based exploitation means that defenders must consider multiple attack vectors when implementing protective measures.

Mitigation strategies for CVE-2023-4511 should prioritize immediate software updates to versions that have addressed this flaw, with particular attention to the release notes confirming the fix for the Bluetooth SDP dissector infinite loop. Network administrators should implement strict file validation policies, particularly when handling capture files from external sources, and consider implementing sandboxed environments for capture file analysis. The vulnerability highlights the importance of input validation and robust error handling in protocol dissectors, as recommended by industry standards that emphasize defensive programming practices. Organizations should also consider implementing network segmentation to limit the potential impact of such exploits and maintain regular patching schedules to address similar vulnerabilities in network analysis tools.

Responsible

GitLab Inc.

Reservation

08/24/2023

Disclosure

08/24/2023

Moderation

accepted

CPE

ready

EPSS

0.00438

KEV

no

Activities

very low

Sources

Interested in the pricing of exploits?

See the underground prices here!