CVE-2022-3190 : Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denia

Infinite loop in the F5 Ethernet Trailer protocol dissector in Wireshark 3.6.0 to 3.6.7 and 3.4.0 to 3.4.15 allows denial of service via packet injection or crafted capture file

Published 2022-09-13 15:15:09

Updated 2023-02-28 15:31:45

Source GitLab Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Exploit prediction scoring system (EPSS) score for CVE-2022-3190

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 24 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-3190

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	2.8	3.4	GitLab Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
5.5	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H	1.8	3.6	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE ids for CVE-2022-3190

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-3190

https://gitlab.com/wireshark/wireshark/-/issues/18307

f5ethtrailer: Infinite loop in legacy style dissector (#18307) · Issues · Wireshark Foundation / wireshark · GitLab
Exploit;Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3190.json

2022/CVE-2022-3190.json · master · GitLab.org / cves · GitLab
Third Party Advisory;VDB Entry
https://www.wireshark.org/security/wnpa-sec-2022-06.html

Wireshark · wnpa-sec-2022-06 · F5 Ethernet Trailer dissector infinite loop
Exploit;Issue Tracking;Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/

[SECURITY] Fedora 37 Update: wireshark-4.0.2-1.fc37 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/

[SECURITY] Fedora 36 Update: wireshark-3.6.10-1.fc36 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2022-3190

Wireshark » Wireshark
Versions from including (>=) 3.4.0 and before (<) 3.4.16
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark
Versions from including (>=) 3.6.0 and before (<) 3.6.8
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 36
cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 37
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2022-3190

Exploit prediction scoring system (EPSS) score for CVE-2022-3190

CVSS scores for CVE-2022-3190

CWE ids for CVE-2022-3190

References for CVE-2022-3190

Products affected by CVE-2022-3190