{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-3190", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "assignerShortName": "GitLab", "dateUpdated": "2024-08-03T01:00:10.864Z", "dateReserved": "2022-09-12T00:00:00", "datePublished": "2022-09-13T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2022-12-17T00:00:00"}, "descriptions": [{"lang": "en", "value": "Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file"}], "affected": [{"vendor": "SharkFest Foundation", "product": "Wireshark", "versions": [{"version": ">=3.6.0, <3.6.8", "status": "affected"}, {"version": ">=3.4.0, <3.4.16", "status": "affected"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2022-06.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18307"}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json"}, {"name": "FEDORA-2022-1f2fbb087e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/"}, {"name": "FEDORA-2022-9d4aa8a486", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/"}], "credits": [{"lang": "en", "value": "Jason Cohen"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "Loop with unreachable exit condition ('infinite loop') in Wireshark"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.864Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2022-06.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/18307", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-1f2fbb087e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/"}, {"name": "FEDORA-2022-9d4aa8a486", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/"}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "87196217-3E62-4206-A5C8-847879E61486", "versionEndExcluding": "3.4.16", "versionStartIncluding": "3.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "FFD8D499-80B1-469F-9439-95395D75C944", "versionEndExcluding": "3.6.8", "versionStartIncluding": "3.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "Un bucle infinito en el disector del protocolo F5 Ethernet Trailer en Wireshark versiones 3.6.0 a 3.6.7 y 3.4.0 a 3.4.15, permite la denegaci\u00f3n de servicio por medio de la inyecci\u00f3n de paquetes o un archivo de captura dise\u00f1ado"}], "id": "CVE-2022-3190", "lastModified": "2024-11-21T07:19:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-13T15:15:09.323", "references": [{"source": "cve@gitlab.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18307"}, {"source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/"}, {"source": "cve@gitlab.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/"}, {"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2022-06.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/18307"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2022-06.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:2373", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "wireshark-1:3.4.10-4.el9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-05-09T00:00:00Z"}], "bugzilla": {"description": "wireshark: f5ethtrailer Infinite loop in legacy style dissector", "id": "2152061", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152061"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-835", "details": ["Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file", "A vulnerability was found in Wireshark. This issue occurs due to an Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark, leading to a denial of service via packet injection or crafted capture file."], "name": "CVE-2022-3190", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2022-09-13T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-3190\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3190\nhttps://www.wireshark.org/security/wnpa-sec-2022-06.html"], "threat_severity": "Moderate"}