CVE-2022-4344

Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file

Published: Jan 12, 2023
Updated: Apr 14, 2023
CVE: CVE-2022-4344
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
wireshark / wireshark	4.0.0	4.0.2
wireshark / wireshark	3.0.0	3.6.10

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4344.json
https://lists.fedoraproject.org/archives/list/[email protected]/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/
https://lists.fedoraproject.org/archives/list/[email protected]/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/
https://www.wireshark.org/security/wnpa-sec-2022-10.html

Vulnerability Database

289,697

CVE-2022-4344