CVE-2022-3725: An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.
Due to a memory corruption vulnerability in the opus dissector, a remote attacker could potentially crash the Wireshark application via a specially crafted packet capture file. The issue lies in the handling of opus packets: the dissector does not properly handle memory during the decoding process, which can result in a remote denial-of-service condition. As of Wireshark 3.6.8, this CVE has been assigned a severity rating of “medium”. Wireshark users are advised to upgrade to the latest version of Wireshark immediately upon release.
Wireshark 3.6.8 (released April 5, 2017)
Wireshark 3.6.8 includes a fix for an issue where the opus dissector could crash the Wireshark application via a specially crafted packet capture file. In addition, this release also includes several other fixes and enhancements from the 3.6.7 release candidate series.
Mitigating Vulnerability
This vulnerability is mitigated by Wireshark 3.6.8, which incorporates a patch so that the opus dissector handles memory properly.
Timeline
Published on: 10/27/2022 17:15:00 UTC
Last modified on: 12/04/2022 02:15:00 UTC
References
- https://gitlab.com/wireshark/wireshark/-/issues/18378
- https://www.wireshark.org/security/wnpa-sec-2022-07.html
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3725.json
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIEIFFZ27YKCTK5C2VT4OEQSHPQDBNSF/
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3725