{"schema_version":"1.7.2","id":"OESA-2022-1610","modified":"2022-04-12T11:03:41Z","published":"2022-04-12T11:03:41Z","upstream":["CVE-2021-22207","CVE-2021-22191","CVE-2021-4181","CVE-2021-4185"],"summary":"wireshark security update","details":"Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless (WiFi or Bluetooth) networks, USB devices, and many other sources.  It supports dozens of protocol capture file formats and understands more than a thousand protocols.\r\n\r\n\r\n\r\nSecurity Fix(es):\r\n\r\nExcessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file(CVE-2021-22207)\r\n\r\nImproper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.(CVE-2021-22191)\r\n\r\nCrash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file(CVE-2021-4181)\r\n\r\nInfinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file(CVE-2021-4185)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP1","name":"wireshark","purl":"pkg:rpm/openEuler/wireshark\u0026distro=openEuler-20.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-21.oe1"}]}],"ecosystem_specific":{"aarch64":["wireshark-devel-2.6.2-21.oe1.aarch64.rpm","wireshark-debugsource-2.6.2-21.oe1.aarch64.rpm","wireshark-debuginfo-2.6.2-21.oe1.aarch64.rpm","wireshark-help-2.6.2-21.oe1.aarch64.rpm","wireshark-2.6.2-21.oe1.aarch64.rpm"],"src":["wireshark-2.6.2-21.oe1.src.rpm"],"x86_64":["wireshark-debuginfo-2.6.2-21.oe1.x86_64.rpm","wireshark-2.6.2-21.oe1.x86_64.rpm","wireshark-help-2.6.2-21.oe1.x86_64.rpm","wireshark-devel-2.6.2-21.oe1.x86_64.rpm","wireshark-debugsource-2.6.2-21.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP2","name":"wireshark","purl":"pkg:rpm/openEuler/wireshark\u0026distro=openEuler-20.03-LTS-SP2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-21.oe1"}]}],"ecosystem_specific":{"aarch64":["wireshark-devel-2.6.2-21.oe1.aarch64.rpm","wireshark-debugsource-2.6.2-21.oe1.aarch64.rpm","wireshark-debuginfo-2.6.2-21.oe1.aarch64.rpm","wireshark-help-2.6.2-21.oe1.aarch64.rpm","wireshark-2.6.2-21.oe1.aarch64.rpm"],"src":["wireshark-2.6.2-21.oe1.src.rpm"],"x86_64":["wireshark-debuginfo-2.6.2-21.oe1.x86_64.rpm","wireshark-2.6.2-21.oe1.x86_64.rpm","wireshark-help-2.6.2-21.oe1.x86_64.rpm","wireshark-devel-2.6.2-21.oe1.x86_64.rpm","wireshark-debugsource-2.6.2-21.oe1.x86_64.rpm"]}},{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"wireshark","purl":"pkg:rpm/openEuler/wireshark\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.2-21.oe1"}]}],"ecosystem_specific":{"aarch64":["wireshark-devel-2.6.2-21.oe1.aarch64.rpm","wireshark-debugsource-2.6.2-21.oe1.aarch64.rpm","wireshark-debuginfo-2.6.2-21.oe1.aarch64.rpm","wireshark-help-2.6.2-21.oe1.aarch64.rpm","wireshark-2.6.2-21.oe1.aarch64.rpm"],"src":["wireshark-2.6.2-21.oe1.src.rpm"],"x86_64":["wireshark-debuginfo-2.6.2-21.oe1.x86_64.rpm","wireshark-2.6.2-21.oe1.x86_64.rpm","wireshark-help-2.6.2-21.oe1.x86_64.rpm","wireshark-devel-2.6.2-21.oe1.x86_64.rpm","wireshark-debugsource-2.6.2-21.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1610"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22207"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22191"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4181"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-4185"}],"database_specific":{"severity":"High"}}