In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
Created wireshark tracking bugs for this issue:
Affects: fedora-all [bug 1868886]
Wireshark as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8 is not affected because the vulnerable code was committed in newer versions of the package than those shipped.
A double-free in /epan/dissectors/packet-kafka.c's lz4 decompression functionality allowed for a crash of wireshark when processing a specially crafted packet. This could result in a temporary denial of service.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):