It was discovered that in Wireshark before 3.6.2, 3.4.12 the CSN.1 protocol dissector could crash on some platforms. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11
Fixed versions: 3.6.2, 3.4.12

References:
https://www.wireshark.org/security/wnpa-sec-2022-04
https://gitlab.com/wireshark/wireshark/-/issues/17882
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2054057]
In reply to comment #0:
> It was discovered that in Wireshark before 3.6.2, 3.4.12 the CSN.1 protocol
> dissector could crash on some platforms. It may be possible to make
> Wireshark crash by injecting a malformed packet onto the wire or by
> convincing someone to read a malformed packet trace file.
>
> Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11
> Fixed versions: 3.6.2, 3.4.12
>
> References:
> https://www.wireshark.org/security/wnpa-sec-2022-04
> https://gitlab.com/wireshark/wireshark/-/issues/17882

Marking not affected given our rhel wireshark release versions:

enterprise_linux:8.1:appstream/wireshark-2.6.2-11.el8
enterprise_linux:8.2:appstream/wireshark-2.6.2-12.el8
enterprise_linux:8.4:appstream/wireshark-2.6.2-12.el8
enterprise_linux:8.5:appstream/wireshark-2.6.2-14.el8
enterprise_linux:9.0:appstream/wireshark-3.4.10-1.el9