Rewterz Threat Advisory – Multiple VMware ESXi, Workstation, and Fusion Vulnerabilities
February 16, 2022Rewterz Threat Alert – Lazarus APT Group – Active IOCs
February 16, 2022Rewterz Threat Advisory – Multiple VMware ESXi, Workstation, and Fusion Vulnerabilities
February 16, 2022Rewterz Threat Alert – Lazarus APT Group – Active IOCs
February 16, 2022Severity
Medium
Analysis Summary
CVE-2022-0581
Wireshark is vulnerable to a denial of service, caused by an error in the CMS dissectors. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2022-0582
Wireshark is vulnerable to a denial of service, caused by an error in the CSN.1 protocol dissectors. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2022-0583
Wireshark is vulnerable to a denial of service, caused by an error in the PVFS dissectors. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2022-0586
Wireshark is vulnerable to a denial of service, caused by an infinite loop in the RTMPT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.
Impact
- Denial of Service
Indicators of Compromise
CVE
- CVE-2022-0581
- CVE-2022-0582
- CVE-2022-0583
- CVE-2022-0586
Affected Vendors
Wireshark
Affected Products
- Wireshark Wireshark 3.6.0
- Wireshark Wireshark 3.6.1
- Wireshark Wireshark 3.4.11
- Wireshark Wireshark 3.4.0
Remediation
Refer to Wireshark advisory for patch, upgrade, or suggested workaround information.