It was discovered that in Wireshark before 3.6.2, 3.4.12 the CSN.1 protocol dissector could crash on some platforms. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 Fixed versions: 3.6.2, 3.4.12 References: https://www.wireshark.org/security/wnpa-sec-2022-04 https://gitlab.com/wireshark/wireshark/-/issues/17882
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 2054057]
In reply to comment #0: > It was discovered that in Wireshark before 3.6.2, 3.4.12 the CSN.1 protocol > dissector could crash on some platforms. It may be possible to make > Wireshark crash by injecting a malformed packet onto the wire or by > convincing someone to read a malformed packet trace file. > > Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 > Fixed versions: 3.6.2, 3.4.12 > > References: > https://www.wireshark.org/security/wnpa-sec-2022-04 > https://gitlab.com/wireshark/wireshark/-/issues/17882 Marking not affected given our rhel wireshark release versions: enterprise_linux:8.1:appstream/wireshark-2.6.2-11.el8 enterprise_linux:8.2:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.4:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.5:appstream/wireshark-2.6.2-14.el8 enterprise_linux:9.0:appstream/wireshark-3.4.10-1.el9