CVE-2022-0585

MEDIUM

Wireshark <3.6.1, <3.4.12 - DoS

Title source: llm

Description

Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file

References (7)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html

[Third Party Advisory] https://security.gentoo.org/glsa/202210-04

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html

[Third Party Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json

View Writeup ZIP pw:eip

[Exploit, Vendor Advisory] https://www.wireshark.org/security/wnpa-sec-2022-02.html

Scores

CVSS v3 4.3

EPSS 0.0005

EPSS Percentile 15.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Details

CWE

CWE-834

Status published

Products (4)

debian/debian_linux 9.0

fedoraproject/fedora 34

fedoraproject/fedora 35

wireshark/wireshark 3.4.0 - 3.4.12

Published Feb 18, 2022

Tracked Since Feb 18, 2026