Denial of Service Vulnerability in Wireshark by Gerald Combs
CVE-2022-0582

9.8CRITICAL

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 14 February 2022

Summary

The recent security flaw in Wireshark's CSN.1 protocol dissector allows attackers to exploit unaligned access by injecting malicious packets or using crafted capture files. This vulnerability affects multiple versions of the software, specifically 3.4.0 to 3.4.11 and 3.6.0 to 3.6.1, and can result in a denial of service. Users should update their installations promptly to mitigate the risk.

Affected Version(s)

Wireshark >=3.6.0, <3.6.2 < 3.6.0, 3.6.2

Wireshark >=3.4.0, <3.4.12 < 3.4.0, 3.4.12

References

https://www.wireshark.org/security/wnpa-sec-2022-04.html

https://gitlab.com/wireshark/wireshark/-/issues/17882

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 14, 2022
Vulnerability Reserved
Feb 14, 2022

Credit

Sharon Brizinov