Denial of Service Vulnerability in Wireshark USB HID Protocol Dissector
CVE-2022-3724

7.5HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 9 December 2022

Summary

A vulnerability in the USB HID protocol dissector of Wireshark versions 3.6.0 to 3.6.8 could be exploited to cause a denial of service. This is achieved through the injection of specially crafted packets or using a malicious capture file, particularly on Windows systems. Users of these versions are advised to upgrade to the latest release to mitigate potential risks associated with this security issue.

Affected Version(s)

Wireshark >=3.6.0, <3.6.8

References

https://www.wireshark.org/security/wnpa-sec-2022-08.html

https://gitlab.com/wireshark/wireshark/-/issues/18384

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2022
Vulnerability Reserved
Oct 27, 2022

Credit

TODO