Bug 2001867 (CVE-2021-22222) - CVE-2021-22222 wireshark: DVB-S2-BB dissector infinite loop
Summary: CVE-2021-22222 wireshark: DVB-S2-BB dissector infinite loop
Alias: CVE-2021-22222
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2001868
Blocks: 2001869
TreeView+ depends on / blocked
Reported: 2021-09-07 11:13 UTC by msiddiqu
Modified: 2021-09-09 18:21 UTC (History)
9 users (show)

Fixed In Version: wireshark 3.4.6
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-09-09 18:21:08 UTC

Attachments (Terms of Use)

Description msiddiqu 2021-09-07 11:13:59 UTC
The DVB-S2-BB dissector could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Comment 1 msiddiqu 2021-09-07 11:14:22 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 2001868]

Comment 3 Garrett Tucker 2021-09-09 16:58:39 UTC
Flaw was introduced in the following commit: https://github.com/wireshark/wireshark/commit/4bf4ee88f0544727e7f89f3f288c6afd2f650a4c This commit was never introduced into any of our streams in RHEL 8 and below. RHEL 9 uses a fixed version of wireshark that does not contain this flaw. As such, no RHEL versions are affected by this flaw.

Comment 4 Product Security DevOps Team 2021-09-09 18:21:08 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Note You need to log in before you can comment on or make changes to this bug.