CVE-2022-3725: An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.

Due to a memory corruption vulnerability in the opus dissector, a remote attacker could potentially crash the Wireshark application via a specially crafted packet capture file. The issue exists within the handling of opus packets: the dissector does not properly handle memory during the decoding process, potentially resulting in a remote denial-of-service condition. As of Wireshark 3.6.8, this CVE has been assigned a severity rating of “medium”. Wireshark users are advised to upgrade to the latest version of Wireshark immediately upon release.

Wireshark 3.6.8 (released April 5, 2017)

Wireshark 3.6.8 includes a fix for an issue where the opus dissector could crash the Wireshark application via a specially crafted packet capture file. In addition, this release also includes several other fixes and enhancements from the 3.6.7 release candidate series.

Mitigating Vulnerability
This vulnerability is mitigated by Wireshark 3.6.8, which incorporates a patch that corrects the memory handling in the opus dissector.

Timeline

Published on: 10/27/2022 17:15:00 UTC
Last modified on: 12/04/2022 02:15:00 UTC
