SB2022101709 - Gentoo update for Wireshark
Published: October 17, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 21 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-22235)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the DNP dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2021-39920)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the IPPUSB dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2021-39921)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Modbus dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
4) Input validation error (CVE-ID: CVE-2021-39922)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the C12.22 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
5) Infinite loop (CVE-ID: CVE-2021-39924)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application, consume all available system resources and perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2021-39925)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth SDP dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2021-39926)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth HCI_ISO dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2021-39928)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the IEEE 802.11 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2021-39929)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2021-4181)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Sysdig Event dissector. A remote attacker can send specially crafted traffic over the network and perform a denial of service (DoS) attack.
11) Infinite loop (CVE-ID: CVE-2021-4182)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RFC 7468 file parser. A remote attacker can trick the victim to open a specially crafted packet trace file and consume excessive CPU resources.
12) Input validation error (CVE-ID: CVE-2021-4183)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in pcapng file parser. A remote attacker can trick the victim to open a malformed packet trace file and perform a denial of service (DoS) attack.
13) Infinite loop (CVE-ID: CVE-2021-4184)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in BitTorrent DHT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
14) Infinite loop (CVE-ID: CVE-2021-4185)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
15) Input validation error (CVE-ID: CVE-2021-4186)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Gryphon dissector. A remote attacker can pass specially crafted traffic through the network and perform a denial of service (DoS) attack.
16) Infinite loop (CVE-ID: CVE-2021-4190)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in Kafka protocol dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
17) Input validation error (CVE-ID: CVE-2022-0581)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CMS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2022-0582)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CSN.1 dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
19) Input validation error (CVE-ID: CVE-2022-0583)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in PVFS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
20) Infinite loop (CVE-ID: CVE-2022-0585)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to large loops in multiple dissectors including AMP, ATN-ULCS and possibly other ASN.1 PER dissectors, BP, GDSDB, OpenFlow v5, P_MUL, SoulSeek, TDS, WBXML, WSP and possibly other WAP dissectors, and ZigBee ZCL. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.
21) Infinite loop (CVE-ID: CVE-2022-0586)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.
Remediation
Install update from vendor's website.