CVE Details for CVE: CVE-2022-4345
Summary
Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file
| Timestamps | |
|---|---|
| Last major update | 07-11-2023 - 03:57 |
| Published | 12-01-2023 - 04:15 |
| Last modified | 07-11-2023 - 03:57 |
References
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4345.json
- https://www.wireshark.org/security/wnpa-sec-2022-09.html
- https://lists.debian.org/debian-lts-announce/2023/02/msg00007.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/
Vulnerable Configurations
CWE
CVSS
Base
None
Impact
Exploitability
Access
| Vector | Complexity | Authentication |
|---|---|---|
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
CVSS3
Base
6.5
Impact
3.6
Exploitability
2.8
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| LOW | NETWORK | NONE | UNCHANGED | REQUIRED |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | NONE | HIGH |
VIA4 references
cvss3-vector
via4