Lucene search

[email protected]CVE-2022-0585

HistoryFeb 18, 2022 - 6:15 p.m.

CVE-2022-0585

2022-02-1818:15:11

CWE-834

[email protected]

web.nvd.nist.gov

180

cve-2022-0585

wireshark

protocol dissectors

denial of service

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

7.7 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.8%

JSON

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

Affected configurations

NVD

Node

wiresharkwiresharkRange3.4.0–3.4.12

wiresharkwiresharkRange3.6.0–3.6.2

Node

fedoraprojectfedoraMatch34

fedoraprojectfedoraMatch35

Node

debiandebian_linuxMatch9.0

CPENameOperatorVersion
wireshark:wiresharkwiresharklt3.4.12
wireshark:wiresharkwiresharklt3.6.2

CPE	Name	Operator	Version
wireshark:wireshark	wireshark	lt	3.4.12
wireshark:wireshark	wireshark	lt	3.6.2

CNA Affected

[
  {
    "vendor": "Wireshark Foundation",
    "product": "Wireshark",
    "versions": [
      {
        "version": ">=3.6.0, <3.6.2",
        "status": "affected"
      },
      {
        "version": ">=3.4.0, <3.4.12",
        "status": "affected"
      }
    ]
  }
]