ArchLinux: 202102-3: wireshark-cli: denial of service
Summary
- CVE-2021-22173 (denial of service)
A memory leak leading to denial of service has been found in Wireshark
before 3.4.3, in the USB HID dissector. It can be triggered by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.
- CVE-2021-22174 (denial of service)
A denial of service has been found in Wireshark before 3.4.3, in the
USB HID dissector. It can be triggered by injecting a malformed packet
onto the wire or by convincing someone to read a malformed packet trace
file.
Resolution
Upgrade to 3.4.3-1.
# pacman -Syu "wireshark-cli>=3.4.3-1"
The problems have been fixed upstream in version 3.4.3.
References
https://www.wireshark.org/security/wnpa-sec-2021-01 https://www.wireshark.org/security/wnpa-sec-2021-02 https://gitlab.com/wireshark/wireshark/-/issues/17124 https://gitlab.com/wireshark/wireshark/-/merge_requests/1812 https://gitlab.com/wireshark/wireshark/-/issues/17165 https://gitlab.com/wireshark/wireshark/-/merge_requests/1849 https://security.archlinux.org/CVE-2021-22173 https://security.archlinux.org/CVE-2021-22174
Workaround
None.