HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file. References: https://www.wireshark.org/security/wnpa-sec-2024-03.html https://gitlab.com/wireshark/wireshark/-/issues/19502 https://nvd.nist.gov/vuln/detail/CVE-2024-0207
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 2256662]
This is fixed in current Rawhide build. Older 4.0.x releases do not have the qpack related code. https://koji.fedoraproject.org/koji/taskinfo?taskID=112740312