Severity

Medium

Analysis Summary

CVE-2022-0581 

Wireshark is vulnerable to a denial of service, caused by an error in the CMS dissectors. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2022-0582 

Wireshark is vulnerable to a denial of service, caused by an error in the CSN.1 protocol dissectors. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2022-0583 

Wireshark is vulnerable to a denial of service, caused by an error in the PVFS dissectors. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2022-0586 

Wireshark is vulnerable to a denial of service, caused by an infinite loop in the RTMPT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

Impact

• Denial of Service

Indicators of Compromise

CVE

• CVE-2022-0581
• CVE-2022-0582
• CVE-2022-0583
• CVE-2022-0586

Affected Vendors

Wireshark

Affected Products

• Wireshark Wireshark 3.6.0
• Wireshark Wireshark 3.6.1
• Wireshark Wireshark 3.4.11
• Wireshark Wireshark 3.4.0

Remediation

Refer to Wireshark advisory for patch, upgrade, or suggested workaround information.