gsd-2022-3190
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file
Aliases
Aliases
CVE-2022-3190


To clipboard 

{
  "GSD": {
    "alias": "CVE-2022-3190",
    "description": "Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file",
    "id": "GSD-2022-3190",
    "references": [
      "https://www.suse.com/security/cve/CVE-2022-3190.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-3190"
      ],
      "details": "Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file",
      "id": "GSD-2022-3190",
      "modified": "2023-12-13T01:19:39.967213Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@gitlab.com",
        "ID": "CVE-2022-3190",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Wireshark",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e=3.6.0, \u003c3.6.8"
                        },
                        {
                          "version_value": "\u003e=3.4.0, \u003c3.4.16"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SharkFest Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Jason Cohen"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file"
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.wireshark.org/security/wnpa-sec-2022-06.html",
            "refsource": "MISC",
            "url": "https://www.wireshark.org/security/wnpa-sec-2022-06.html"
          },
          {
            "name": "https://gitlab.com/wireshark/wireshark/-/issues/18307",
            "refsource": "MISC",
            "url": "https://gitlab.com/wireshark/wireshark/-/issues/18307"
          },
          {
            "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json",
            "refsource": "CONFIRM",
            "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json"
          },
          {
            "name": "FEDORA-2022-1f2fbb087e",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/"
          },
          {
            "name": "FEDORA-2022-9d4aa8a486",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.16",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.6.8",
                "versionStartIncluding": "3.6.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@gitlab.com",
          "ID": "CVE-2022-3190"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-835"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json"
            },
            {
              "name": "https://gitlab.com/wireshark/wireshark/-/issues/18307",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://gitlab.com/wireshark/wireshark/-/issues/18307"
            },
            {
              "name": "https://www.wireshark.org/security/wnpa-sec-2022-06.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://www.wireshark.org/security/wnpa-sec-2022-06.html"
            },
            {
              "name": "FEDORA-2022-1f2fbb087e",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/"
            },
            {
              "name": "FEDORA-2022-9d4aa8a486",
              "refsource": "FEDORA",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-02-28T15:31Z",
      "publishedDate": "2022-09-13T15:15Z"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.