It was discovered that in Wireshark before 3.6.2, 3.4.12 the CMS dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 Fixed versions: 3.6.2, 3.4.12 References: https://www.wireshark.org/security/wnpa-sec-2022-05 https://gitlab.com/wireshark/wireshark/-/issues/17935
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 2054061]
In reply to comment #0: > It was discovered that in Wireshark before 3.6.2, 3.4.12 the CMS dissector > could crash. It may be possible to make Wireshark crash by injecting a > malformed packet onto the wire or by convincing someone to read a malformed > packet trace file. > > Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 > Fixed versions: 3.6.2, 3.4.12 > > References: > https://www.wireshark.org/security/wnpa-sec-2022-05 > https://gitlab.com/wireshark/wireshark/-/issues/17935 Marking not affected given our rhel wireshark release versions: enterprise_linux:8.1:appstream/wireshark-2.6.2-11.el8 enterprise_linux:8.2:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.4:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.5:appstream/wireshark-2.6.2-14.el8 enterprise_linux:9.0:appstream/wireshark-3.4.10-1.el9