Opened 4 years ago
Closed 4 years ago
#14582 closed enhancement (fixed)
wireshark-3.4.3
Reported by: | Owned by: | Douglas R. Reno | |
---|---|---|---|
Priority: | high | Milestone: | 10.1 |
Component: | BOOK | Version: | SVN |
Severity: | normal | Keywords: | |
Cc: |
Description
I was browsing https://www.wireshark.org/security/ re vulnerabilities to identify when I noticed that two of them, wnpa-sec-2021-01/2 (memory leak, crash) were fixed in 3.4.3.
Looking for that I see that it was just released (29th january). Since crashes and memory leaks seem to attract CVEs, I'm marking this as High.
Change History (5)
comment:1 by , 4 years ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:3 by , 4 years ago
WNPA-SEC-2021-01 (CVE-2021-22173)
Summary Name: USB HID dissector memory leak Docid: wnpa-sec-2021-01 Date: January 29, 2021 Affected versions: 3.4.0 to 3.4.2 Fixed versions: 3.4.3 References: Wireshark bug 17124 Details Description The USB HID dissector could leak memory. Impact It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 3.4.3 or later.
comment:4 by , 4 years ago
WNPA-SEC-2021-02 (CVE-2021-22174)
Summary Name: USB HID dissector crash Docid: wnpa-sec-2021-02 Date: January 29, 2021 Affected versions: 3.4.0 to 3.4.2 Fixed versions: 3.4.3 References: Wireshark bug 17165 Details Description The USB HID dissector could crash. Impact It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. Resolution Upgrade to Wireshark 3.4.3 or later.
Note:
See TracTickets
for help on using tickets.