ALAS2022-2022-079

Related Vulnerabilities: CVE-2021-39920, CVE-2021-39921, CVE-2021-39922, CVE-2021-39923, CVE-2021-39924, CVE-2021-39925, CVE-2021-39926, CVE-2021-39928, CVE-2021-39929, CVE-2021-4181, CVE-2021-4182, CVE-2021-4184, CVE-2021-4185, CVE-2021-4186, CVE-2021-4190, CVE-2022-0581, CVE-2022-0582, CVE-2022-0583, CVE-2022-0585, CVE-2022-0586



Amazon Linux 2022 Security Advisory: ALAS-2022-079
Advisory Release Date: 2022-05-18 00:42 Pacific
Advisory Updated Date: 2022-05-19 18:35 Pacific
Severity: Medium

Issue Overview:

A NULL pointer exception flaw was found in Wireshark. A process failure on crafted or malformed input in the IPPUSB dissector can cause a denial of service via a packet injection or a crafted capture file. (CVE-2021-39920)

A NULL pointer exception flaw was found in Wireshark. A process failure on crafted or malformed input in the Modbus dissector can cause a denial of service via a packet injection or crafted capture file. (CVE-2021-39921)

A flaw was found in Wireshark. A process failure on crafted or malformed ANSI C12.22 input can cause a denial of service via packet injection or a crafted capture file. (CVE-2021-39922)

A flaw was found in Wireshark. A process failure consumes excessive CPU resources on crafted or malformed PNRP input and can cause a denial of service. (CVE-2021-39923)

A flaw was found in Wireshark. A process failure on crafted or malformed Bluetooth DHT input can cause a denial of service via packet injection or a crafted capture file. (CVE-2021-39924)

A flaw was found in Wireshark. A process failure on crafted or malformed Bluetooth SDP input can cause a denial of service via packet injection or a crafted capture file. (CVE-2021-39925)

A flaw was found in Wireshark. A process failure on crafted or malformed HCI_ISO input can cause a denial of service via packet injection or a crafted capture file. (CVE-2021-39926)

A flaw was found in Wireshark. A process failure on crafted or malformed IEEE 802.11 input can cause a denial of service via packet injection or a crafted capture file. (CVE-2021-39928)

A flaw was found in Wireshark. A process failure on crafted or malformed Bluetooth DHT input can cause a denial of service. (CVE-2021-39929)

A denial of service via packet injection flaw was found in Wireshark. An attacker with local network access could pass specially crafted capture files causing an application to halt or crash, leading to a denial of service. (CVE-2021-4181)

A parser infinite-loop flaw was found in Wireshark. An attacker with local network access could pass specially crafted capture files causing an application to halt, crash, or go into an infinite loop. (CVE-2021-4182)

An infinite-loop flaw was found in Wireshark's DHT dissector module. This flaw allows an attacker with local network access to pass specially crafted capture files, causing an application to halt, crash or go into an infinite loop. (CVE-2021-4184)

An infinite-loop flaw was found in Wireshark RTMPT. This flaw allows an attacker with local network access to pass specially crafted capture files, causing an application to halt, crash, or go into an infinite loop. (CVE-2021-4185)

A segmentation issue was found in Wireshark. This flaw allows an attacker with local network access to pass specially crafted capture files, causing an application to halt or crash. (CVE-2021-4186)

An infinite-loop flaw was found in Wireshark. This flaw allows an attacker with local network access to pass specially crafted capture files, causing an application to halt, crash, or go into an infinite loop. (CVE-2021-4190)

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0581)

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0582)

Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0583)

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file (CVE-2022-0585)

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file (CVE-2022-0586)


Affected Packages:

wireshark


Issue Correction:
Run dnf update --releasever=2022.0.20220518 wireshark to update your system.
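
To confirm that a host already carries the corrected build, the following added example (not part of the advisory) classifies package names as printed by rpm -qa against the fixed version-release 3.6.2-1.amzn2022.0.1 from the New Packages list. It assumes GNU sort -V as an approximation of RPM version ordering; the function names and the sample package lines are constructed for illustration.

```shell
#!/bin/sh
# Fixed version-release, taken from the "New Packages" list of this advisory.
FIXED='3.6.2-1.amzn2022.0.1'

# wireshark_status NAME-VERSION-RELEASE.ARCH
# Prints: fixed | needs-update | not-wireshark
wireshark_status() {
    nvr=${1%.*}            # drop the trailing .arch
    release=${nvr##*-}     # text after the last '-'
    nv=${nvr%-*}
    version=${nv##*-}
    name=${nv%-*}
    case $name in
        wireshark|wireshark-*) ;;
        *) echo not-wireshark; return 0 ;;
    esac
    have="$version-$release"
    # Version-aware sort: if FIXED sorts first (or ties), the host is at or
    # past the corrected build. A plain string compare would rank 3.6.10
    # below 3.6.2, which is why sort -V is used (assumption: GNU sort).
    lowest=$(printf '%s\n%s\n' "$have" "$FIXED" | sort -V | head -n 1)
    if [ "$lowest" = "$FIXED" ]; then echo fixed; else echo needs-update; fi
}

# check_installed: reads package names on stdin, one per line, prints a
# status per package, and returns 1 if any wireshark package needs the update.
check_installed() {
    rc=0
    while IFS= read -r pkg; do
        [ -n "$pkg" ] || continue
        status=$(wireshark_status "$pkg")
        printf '%s\t%s\n' "$pkg" "$status"
        if [ "$status" = needs-update ]; then rc=1; fi
    done
    return "$rc"
}

# Constructed sample input; on a real host use: rpm -qa 'wireshark*' | check_installed
check_installed <<'EOF' || true
wireshark-cli-3.6.1-1.amzn2022.x86_64
wireshark-cli-3.6.2-1.amzn2022.0.1.x86_64
EOF
```
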

New Packages:
aarch64:
    wireshark-cli-debuginfo-3.6.2-1.amzn2022.0.1.aarch64
    wireshark-cli-3.6.2-1.amzn2022.0.1.aarch64
    wireshark-devel-3.6.2-1.amzn2022.0.1.aarch64
    wireshark-debugsource-3.6.2-1.amzn2022.0.1.aarch64

i686:
    wireshark-devel-3.6.2-1.amzn2022.0.1.i686
    wireshark-cli-debuginfo-3.6.2-1.amzn2022.0.1.i686
    wireshark-cli-3.6.2-1.amzn2022.0.1.i686
    wireshark-debugsource-3.6.2-1.amzn2022.0.1.i686

src:
    wireshark-3.6.2-1.amzn2022.0.1.src

x86_64:
    wireshark-cli-debuginfo-3.6.2-1.amzn2022.0.1.x86_64
    wireshark-devel-3.6.2-1.amzn2022.0.1.x86_64
    wireshark-cli-3.6.2-1.amzn2022.0.1.x86_64
    wireshark-debugsource-3.6.2-1.amzn2022.0.1.x86_64