Bug 2256661 (CVE-2024-0207)

Summary:	CVE-2024-0207 wireshark: HTTP3 dissector crash via packet injection or crafted capture file
Product:	[Other] Security Response	Reporter:	Mauro Matteo Cascella <mcascell>
Component:	vulnerability	Assignee:	Product Security <prodsec-ir-bot>
Status:	CLOSED RAWHIDE	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	mruprich
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:	wireshark 4.2.1	Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the HTTP3 dissector of Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2024-02-01 15:41:08 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	2256662
Bug Blocks:	2256664

Description Mauro Matteo Cascella 2024-01-03 17:02:40 UTC

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file.

References:
https://www.wireshark.org/security/wnpa-sec-2024-03.html
https://gitlab.com/wireshark/wireshark/-/issues/19502
https://nvd.nist.gov/vuln/detail/CVE-2024-0207

Comment 1 Mauro Matteo Cascella 2024-01-03 17:03:16 UTC

Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2256662]

Comment 3 Michal Ruprich 2024-02-01 15:41:08 UTC

This is fixed in current Rawhide build. Older 4.0.x releases do not have the qpack related code.

https://koji.fedoraproject.org/koji/taskinfo?taskID=112740312