CVE-2022-0586

MEDIUM

Wireshark <3.6.1, <3.4.12 - DoS

Title source: llm

Description

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

References (8)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html

[Third Party Advisory] https://security.gentoo.org/glsa/202210-04

[Third Party Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json

View Writeup ZIP pw:eip

[Exploit, Issue Tracking, Third Party Advisory] https://gitlab.com/wireshark/wireshark/-/issues/17813

[Mailing List] https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html

[Issue Tracking, Vendor Advisory] https://www.wireshark.org/security/wnpa-sec-2022-01.html

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 6.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE

CWE-835

Status published

Products (4)

debian/debian_linux 9.0

fedoraproject/fedora 34

fedoraproject/fedora 35

wireshark/wireshark 3.4.0 - 3.4.12

Published Feb 14, 2022

Tracked Since Feb 18, 2026