Fedora Account System
Red Hat Associate
Red Hat Customer
It was discovered that in Wireshark before 3.6.2, 3.4.12 the CMS dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 Fixed versions: 3.6.2, 3.4.12 References: https://www.wireshark.org/security/wnpa-sec-2022-05 https://gitlab.com/wireshark/wireshark/-/issues/17935
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 2054061]
In reply to comment #0: > It was discovered that in Wireshark before 3.6.2, 3.4.12 the CMS dissector > could crash. It may be possible to make Wireshark crash by injecting a > malformed packet onto the wire or by convincing someone to read a malformed > packet trace file. > > Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 > Fixed versions: 3.6.2, 3.4.12 > > References: > https://www.wireshark.org/security/wnpa-sec-2022-05 > https://gitlab.com/wireshark/wireshark/-/issues/17935 Marking not affected given our rhel wireshark release versions: enterprise_linux:8.1:appstream/wireshark-2.6.2-11.el8 enterprise_linux:8.2:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.4:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.5:appstream/wireshark-2.6.2-14.el8 enterprise_linux:9.0:appstream/wireshark-3.4.10-1.el9