Feb 10, 2022 - 12:00 a.m.

KLA12488 Multiple vulnerabilities in Wireshark

2022-02-10 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3: 9.8

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 7.5 (Confidence: High)

EPSS: 0.01 (Percentile: 83.4%)

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. Denial of service vulnerability in the RTMPT dissector can be exploited via a specially crafted packet to cause denial of service.
  2. Denial of service vulnerability in the CMS dissector can be exploited via a specially crafted packet to cause denial of service.
  3. Denial of service vulnerability in multiple dissectors can be exploited via a specially crafted packet to cause denial of service.
  4. Denial of service vulnerability in the CSN.1 dissector can be exploited via a specially crafted packet to cause denial of service.
  5. Denial of service vulnerability in the PVFS dissector can be exploited via a specially crafted packet to cause denial of service.

Original advisories

RTMPT dissector infinite loop

Large loops in multiple dissectors

PVFS dissector crash

CSN.1 dissector crash

CMS dissector crash

Related products

Wireshark

CVE list

CVE-2022-0586 critical

CVE-2022-0581 critical

CVE-2022-0585 high

CVE-2022-0582 critical

CVE-2022-0583 critical

Solution

Update to the latest version

Download Wireshark

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Wireshark 3.4.x earlier than 3.4.12
  • Wireshark 3.6.x earlier than 3.6.2
