Loop with Unreachable Exit Condition ('Infinite Loop') in wireshark | CVE-2022-0586

Threat Intelligence

0.21% (60^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk IDSNYK-RHEL7-WIRESHARK-2401574
published15 Feb 2022
disclosed10 Feb 2022

Report a new vulnerability Found a mistake?

Introduced: 10 Feb 2022

CVE-2022-0586 (opens in a new tab) CWE-835 (opens in a new tab)

Amendment

The Red Hat security team deemed this advisory irrelevant for RHEL:7.

NVD Description

Note: Versions mentioned in the description apply only to the upstream wireshark package and not the wireshark package as distributed by RHEL.

Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

References

https://access.redhat.com/security/cve/CVE-2022-0586
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json
https://gitlab.com/wireshark/wireshark/-/issues/17813
https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/
https://security.gentoo.org/glsa/202210-04
https://www.wireshark.org/security/wnpa-sec-2022-01.html

Loop with Unreachable Exit Condition ('Infinite Loop') The advisory has been revoked - it doesn't affect any version of package wireshark (opens in a new tab)