CVE-2023-4513 in Wireshark
Summary
by MITRE • 08/24/2023
BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 05/07/2026
The vulnerability identified as CVE-2023-4513 represents a critical memory leak flaw within the Bluetooth Service Discovery Protocol (SDP) dissector component of Wireshark. This issue affects versions 4.0.0 through 4.0.7 and 3.6.0 through 3.6.15 of the popular network protocol analyzer, creating a significant denial of service risk for users who process Bluetooth-related network traffic. The flaw manifests when Wireshark attempts to parse SDP packets, leading to improper memory management that results in progressive memory consumption until system resources are exhausted.
The technical nature of this vulnerability stems from insufficient memory deallocation during the processing of malformed or specially crafted SDP packets. When Wireshark encounters such packets during packet capture analysis or file processing, the SDP dissector fails to properly release allocated memory blocks, causing a memory leak that accumulates over time. This memory consumption pattern becomes particularly problematic when processing large capture files or continuous network monitoring scenarios where the dissector repeatedly processes similar malformed packets, ultimately leading to system instability or complete application crash.
From an operational perspective, this vulnerability creates substantial risk for network security professionals and analysts who rely on Wireshark for Bluetooth network analysis. Attackers can exploit this flaw by injecting malicious SDP packets into network traffic or by crafting specially formatted capture files designed to trigger the memory leak condition. The impact extends beyond simple denial of service, as the memory exhaustion can cause Wireshark to become unresponsive or crash entirely, potentially interrupting critical network monitoring operations or forensic analysis activities. Security teams conducting Bluetooth protocol analysis or vulnerability assessments may inadvertently trigger this condition while investigating network traffic, leading to operational disruptions.
The vulnerability aligns with CWE-401, which specifically addresses improper release of memory, and represents a classic example of a resource leak that can be exploited to achieve denial of service conditions. From the ATT&CK framework perspective, this vulnerability falls under the T1499.004 technique for Network Denial of Service, where adversaries leverage application flaws to consume system resources and disrupt normal operations. Organizations using Wireshark for network security operations should prioritize immediate patching of affected versions, as the vulnerability can be exploited remotely through packet injection or locally through crafted capture files, making it particularly dangerous in environments where untrusted network traffic is analyzed.
Mitigation strategies should include immediate deployment of patched Wireshark versions, implementation of network segmentation to limit exposure to potentially malicious Bluetooth traffic, and establishment of monitoring procedures to detect unusual memory consumption patterns in network analysis systems. Additionally, security teams should consider implementing capture file validation procedures and limiting the analysis of untrusted network data until systems are properly updated. The vulnerability demonstrates the critical importance of maintaining current network analysis tools and the potential for seemingly benign protocol parsing components to become significant security risks when memory management flaws are present in widely used software applications.