Fedora Account System
Red Hat Associate
Red Hat Customer
It was discovered that in Wireshark before 3.6.2, 3.4.12 the PVFS dissector could crash. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 Fixed versions: 3.6.2, 3.4.12 References: https://www.wireshark.org/security/wnpa-sec-2022-03 https://gitlab.com/wireshark/wireshark/-/issues/17840
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 2054052]
In reply to comment #0: > It was discovered that in Wireshark before 3.6.2, 3.4.12 the PVFS dissector > could crash. It may be possible to make Wireshark crash by injecting a > malformed packet onto the wire or by convincing someone to read a malformed > packet trace file. > > Affected versions: 3.6.0 to 3.6.1, 3.4.0 to 3.4.11 > Fixed versions: 3.6.2, 3.4.12 > > References: > https://www.wireshark.org/security/wnpa-sec-2022-03 > https://gitlab.com/wireshark/wireshark/-/issues/17840 Marking not affected given our rhel wireshark release versions: enterprise_linux:8.1:appstream/wireshark-2.6.2-11.el8 enterprise_linux:8.2:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.4:appstream/wireshark-2.6.2-12.el8 enterprise_linux:8.5:appstream/wireshark-2.6.2-14.el8 enterprise_linux:9.0:appstream/wireshark-3.4.10-1.el9