CVE-2022-3725Out-of-bounds Write in Wireshark

CWE-787Out-of-bounds WriteCWE-400Uncontrolled Resource Consumption6 documents6 sources
Severity
7.5HIGHNVD
CNA6.3
EPSS
0.1%
top 77.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkWireshark Foundation WiresharkFedoraproject Fedora
Timeline
PublishedOct 27

Description

Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 4.0.0-1+2
NVDwireshark/wireshark3.6.03.6.8
CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.8

Also affects: Fedora 37

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
CVEList
CVE-2022-3725: Crash in the OPUS protocol dissector in Wireshark 32022-10-27
OSV
CVE-2022-3725: Crash in the OPUS protocol dissector in Wireshark 32022-10-27
GHSA
GHSA-3r9v-jg25-4p3p: Crash in the OPUS protocol dissector in Wireshark 32022-10-27

📋Vendor Advisories

2
Red Hat
wireshark: OPUS dissector crash2022-10-27
Debian
CVE-2022-3725: wireshark - Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial o...2022
CVE-2022-3725 — Out-of-bounds Write in Wireshark | cvebase