CVE-2023-2855: Buffer over-read in Wireshark in Wireshark Foundation Wireshark
Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file
AI Analysis
Technical Summary
CVE-2023-2855 is a buffer over-read vulnerability classified under CWE-787, affecting the candump log parser in Wireshark versions 3.6.0 through 3.6.13 and 4.0.0 through 4.0.5. The flaw is triggered when Wireshark parses a specially crafted capture file, causing the parser to read beyond the bounds of its allocated buffer. The out-of-bounds read crashes the application, producing a denial of service condition. The vulnerability requires no privileges but does require user interaction: the victim must open the malicious capture file in Wireshark. The CVSS v3.1 base score is 5.3 (medium), with attack vector local (AV:L), low complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and low impact on confidentiality, integrity, and availability (C:L/I:L/A:L). There are no known exploits in the wild, and no patches were linked in the provided data, but it is expected that the Wireshark Foundation has or will release fixes in subsequent versions. The vulnerability primarily affects network analysts and security professionals who use Wireshark to parse and analyze network traffic logs, particularly those handling CAN bus dump files. Exploitation could disrupt network monitoring activities, delaying incident response and forensic investigations.
Potential Impact
For European organizations, the primary impact of CVE-2023-2855 is operational disruption due to denial of service when Wireshark crashes upon processing malicious capture files. This can hinder network traffic analysis, delay threat detection, and complicate incident response efforts. Organizations relying heavily on Wireshark for security monitoring, troubleshooting, or compliance auditing may experience reduced visibility into network events during an attack. While the vulnerability does not allow remote code execution or data exfiltration, the loss of availability and potential integrity issues in analysis results could affect critical infrastructure sectors, including finance, telecommunications, and government agencies. The requirement for user interaction limits large-scale automated exploitation but does not eliminate targeted attacks against security teams. The medium severity rating suggests manageable risk if mitigations are promptly applied, but neglect could lead to repeated disruptions and increased exposure to other threats due to impaired network visibility.
Mitigation Recommendations
European organizations should immediately upgrade to Wireshark 3.6.14 or 4.0.6 or later, where this vulnerability is patched. Until updates are applied, restrict the opening of capture files from untrusted or unknown sources, especially those containing CAN bus dump data. Implement strict file validation and run Wireshark in a sandbox so that a parser crash cannot affect broader systems. Train security analysts to recognize suspicious capture files and to avoid opening files received via unverified channels. Employ network segmentation and monitoring to detect anomalous file transfers that could deliver malicious capture files. If patching is delayed, consider temporarily using alternative network analysis tools. Regularly review and update incident response plans to account for disruptions caused by vulnerabilities of this kind, and monitor Wireshark Foundation advisories for further updates or exploit reports.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitLab
- Date Reserved: 2023-05-24T00:00:00.000Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6909262dfe7723195e0b5e84
Added to database: 11/3/2025, 10:01:17 PM
Last enriched: 11/4/2025, 12:12:49 AM
Last updated: 11/6/2025, 1:17:05 PM