CVE-2022-4344: Uncontrolled Resource Consumption in Wireshark

Severity
4.3 MEDIUM (NVD)
CNA 6.3 | CISA 9.8 | CISA 7.8
EPSS
0.1%
top 66.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 12

Description

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (3 packages)

NVD | wireshark/wireshark | 3.0.0, 3.6.10 | +1
Debian | wireshark/wireshark | < 3.4.16-0+deb11u1 | +3
CVEListV5 | wireshark_foundation/wireshark | >=3.6.0, <3.6.10, >=4.0.0, <4.0.2 | +1

🔴 Vulnerability Details (3)

GHSA
GHSA-6q39-qvw3-75jq: Memory exhaustion in the Kafka protocol dissector in Wireshark 4 (2023-01-12)
OSV
CVE-2022-4344: Memory exhaustion in the Kafka protocol dissector in Wireshark 4 (2023-01-12)
CVEList
CVE-2022-4344: Memory exhaustion in the Kafka protocol dissector in Wireshark 4 (2023-01-11)

📋 Vendor Advisories (5)

Red Hat
wireshark: kafka dissector memory exhaustion. (2023-01-12)
Microsoft
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file (2023-01-10)
CISA
Apple Multiple Products Memory Corruption Vulnerability (2022-06-27)
CISA
Exim Heap-Based Buffer Overflow Vulnerability (2022-03-25)
Debian
CVE-2022-4344: wireshark - Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 an... (2022)
CVE-2022-4344 — Uncontrolled Resource Consumption | cvebase