CVE-2022-3724: Use of Externally-Controlled Format String in Wireshark

Severity
NVD: 7.5 HIGH
CNA: 6.3
EPSS
0.4% (top 40.75%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 9

Description

Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: wireshark/wireshark | 3.6.0 | 3.6.8
CVEListV5: wireshark_foundation/wireshark | >=3.6.0, <3.6.8

🔴 Vulnerability Details (3)

OSV
CVE-2022-3724: Crash in the USB HID protocol dissector in Wireshark 3 (2022-12-09)
CVEList
CVE-2022-3724: Crash in the USB HID protocol dissector in Wireshark 3 (2022-12-09)
GHSA
GHSA-86q3-6wjf-3984: Crash in the USB HID protocol dissector in Wireshark 3 (2022-12-09)

📋 Vendor Advisories (2)

Red Hat
wireshark: denial of service via packet injection or crafted capture file (2022-12-09)
Debian
CVE-2022-3724: wireshark - Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denia... (2022)