The DNP dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Bug was introduced in the following commit that intended to fix a memory leak: https://gitlab.com/wireshark/wireshark/-/commit/618661b22e34a59b21117db723d8ff91e064d4ba However, due to the version used in RHEL-8 and below, this commit was never introduced to our stream. As such we are not vulnerable or affected by this CVE. RHEL-9 uses an already patched version that has this CVE Fixed. As such no RHEL Versions are affected.
Comment 3Product Security DevOps Team
2021-09-09 18:21:12 UTC