SB2022101709 - Gentoo update for Wireshark

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022101709

SB2022101709 - Gentoo update for Wireshark

Published: October 17, 2022

Security Bulletin ID SB2022101709
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 21
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 21 vulnerabilities.


1) Input validation error (CVE-ID: CVE-2021-22235)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the DNP dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


2) Input validation error (CVE-ID: CVE-2021-39920)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the IPPUSB dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


3) Input validation error (CVE-ID: CVE-2021-39921)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the Modbus dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


4) Input validation error (CVE-ID: CVE-2021-39922)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the C12.22 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


5) Infinite loop (CVE-ID: CVE-2021-39924)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application, consume all available system resources and perform a denial of service (DoS) attack.


6) Input validation error (CVE-ID: CVE-2021-39925)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the Bluetooth SDP dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


7) Input validation error (CVE-ID: CVE-2021-39926)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the Bluetooth HCI_ISO dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


8) Input validation error (CVE-ID: CVE-2021-39928)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the IEEE 802.11 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


9) Input validation error (CVE-ID: CVE-2021-39929)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.


10) Input validation error (CVE-ID: CVE-2021-4181)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the Sysdig Event dissector. A remote attacker can send specially crafted traffic over the network and perform a denial of service (DoS) attack.


11) Infinite loop (CVE-ID: CVE-2021-4182)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in RFC 7468 file parser. A remote attacker can trick the victim to open a specially crafted packet trace file and consume excessive CPU resources.


12) Input validation error (CVE-ID: CVE-2021-4183)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in pcapng file parser. A remote attacker can trick the victim to open a malformed packet trace file and perform a denial of service (DoS) attack.


13) Infinite loop (CVE-ID: CVE-2021-4184)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in BitTorrent DHT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.


14) Infinite loop (CVE-ID: CVE-2021-4185)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.


15) Input validation error (CVE-ID: CVE-2021-4186)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Gryphon dissector. A remote attacker can pass specially crafted traffic through the network and perform a denial of service (DoS) attack.


16) Infinite loop (CVE-ID: CVE-2021-4190)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in Kafka protocol dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.


17) Input validation error (CVE-ID: CVE-2022-0581)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CMS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.


18) Input validation error (CVE-ID: CVE-2022-0582)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in CSN.1 dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.


19) Input validation error (CVE-ID: CVE-2022-0583)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in PVFS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.


20) Infinite loop (CVE-ID: CVE-2022-0585)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to large loops in multiple dissectors including AMP, ATN-ULCS and possibly other ASN.1 PER dissectors, BP, GDSDB, OpenFlow v5, P_MUL, SoulSeek, TDS, WBXML, WSP and possibly other WAP dissectors, and ZigBee ZCL. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.


21) Infinite loop (CVE-ID: CVE-2022-0586)

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.


Remediation

Install update from vendor's website.

References