ALT-BU-2022-4094-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-0581
Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0581.json
- https://gitlab.com/wireshark/wireshark/-/issues/17935
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-05.html
Modified: 2024-11-21
CVE-2022-0582
Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json
- https://gitlab.com/wireshark/wireshark/-/issues/17882
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-04.html
Modified: 2024-11-21
CVE-2022-0583
Crash in the PVFS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0583.json
- https://gitlab.com/wireshark/wireshark/-/issues/17840
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-03.html
Modified: 2024-11-21
CVE-2022-0585
Large loops in multiple protocol dissectors in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allow denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0585.json
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-02.html
Modified: 2024-11-21
CVE-2022-0586
Infinite loop in RTMPT protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file
- https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0586.json
- https://gitlab.com/wireshark/wireshark/-/issues/17813
- [debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update
- FEDORA-2022-5a3603afe0
- FEDORA-2022-e29665a42b
- GLSA-202210-04
- https://www.wireshark.org/security/wnpa-sec-2022-01.html
Closed vulnerabilities
Modified: 2024-11-21
CVE-2022-25638
In wolfSSL before 5.2.0, certificate validation may be bypassed during attempted authentication by a TLS 1.3 client to a TLS 1.3 server. This occurs when the sig_algo field differs between the certificate_verify message and the certificate message.
Modified: 2024-11-21
CVE-2022-25640
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual authentication. A client can simply omit the certificate_verify message from the handshake, and never present a certificate.