Infinite loop Affecting wireshark package, versions [3.4.0,3.4.11)[3.6.0, 3.6.1)


Severity

Recommended
0.0
high
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.26% (67th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-WIRESHARK-2932153
  • published20 Jun 2022
  • disclosed20 Jun 2022
  • creditSharon Brizinov

Introduced: 20 Jun 2022

CVE-2021-4190  (opens in a new tab)
CWE-835  (opens in a new tab)

How to fix?

Upgrade wireshark to version 3.4.11, 3.6.1 or higher.

Overview

Affected versions of this package are vulnerable to Infinite loop through the Kafka dissector via packet injection or crafted capture file.

CVSS Scores

version 3.1