CVE-2022-0582 — NULL Pointer Dereference in Wireshark

CWE-476 — NULL Pointer Dereference CWE-74 — Injection8 documents8 sources

Severity

9.8CRITICALNVD

CNA6.3

EPSS

0.1%

top 79.90%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark Debian Linux +1 more

Timeline

PublishedFeb 14

Latest updateJun 4

Description

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDwireshark/wireshark3.4.0 — 3.4.12+2

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.4.0, <3.4.12, >=3.6.0, <3.6.2+1

Also affects: Debian Linux 9.0, Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-f9cx-48m4-2xp7: Unaligned access in the CSN↗2022-02-15

▶

CVEList

CVE-2022-0582: Unaligned access in the CSN↗2022-02-14

▶

OSV

CVE-2022-0582: Unaligned access in the CSN↗2022-02-14

▶

📋Vendor Advisories

Ubuntu

Wireshark vulnerabilities↗2025-06-04

▶

Red Hat

wireshark: CSN.1 dissector crash↗2022-02-10

▶

Microsoft

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file↗2022-02-08

▶

Debian

CVE-2022-0582: wireshark - Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and...↗2022

▶