CVE-2022-4345 — Infinite Loop in Wireshark

CWE-835 — Infinite Loop CWE-2647 documents7 sources

Severity

6.5MEDIUMNVD

CNA6.3CISA7.8

EPSS

0.1%

top 73.86%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark

Timeline

PublishedJan 12

Description

Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶NVDwireshark/wireshark3.6.0 — 3.6.10+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.6.0, <3.6.10, >=4.0.0, <4.0.2+1

🔴Vulnerability Details

CVEList

CVE-2022-4345: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4↗2023-01-12

▶

OSV

CVE-2022-4345: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4↗2023-01-12

▶

GHSA

GHSA-mp4c-w7j9-95f4: Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4↗2023-01-12

▶

📋Vendor Advisories

Red Hat

wireshark: multiple (BPv6, OpenFlow, and Kafka protocol) dissector infinite loops↗2023-01-12

▶

CISA

Exim Privilege Escalation Vulnerability↗2022-03-25

▶

Debian

CVE-2022-4345: wireshark - Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark...↗2022

▶