-------------------------------------------------------------------------
Debian LTS Advisory DLA-3906-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 30, 2024                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : wireshark
Version        : 3.4.16-0+deb11u1
CVE ID         : CVE-2021-4181 CVE-2021-4182 CVE-2021-4184 CVE-2021-4185 
                 CVE-2021-4186 CVE-2021-4190 CVE-2022-0581 CVE-2022-0582 
                 CVE-2022-0583 CVE-2022-0585 CVE-2022-0586 CVE-2022-3190 
                 CVE-2022-4344 CVE-2022-4345 CVE-2023-0411 CVE-2023-0412 
                 CVE-2023-0413 CVE-2023-0415 CVE-2023-0416 CVE-2023-0417 
                 CVE-2023-0666 CVE-2023-0667 CVE-2023-0668 CVE-2023-1161 
                 CVE-2023-1992 CVE-2023-1993 CVE-2023-1994 CVE-2023-2855 
                 CVE-2023-2856 CVE-2023-2858 CVE-2023-2879 CVE-2023-2906 
                 CVE-2023-2952 CVE-2023-3648 CVE-2023-3649 CVE-2023-4511 
                 CVE-2023-4512 CVE-2023-4513 CVE-2023-6175 CVE-2024-0208 
                 CVE-2024-0209 CVE-2024-0211 CVE-2024-2955 CVE-2024-4853 
                 CVE-2024-4854 CVE-2024-8250 CVE-2024-8645
Debian Bug     : 1033756 1034721 1041101 1059925 1068111 1080298

Multiple vulnerabilities have been fixed in the network traffic analyzer 
Wireshark.

CVE-2021-4181

    Sysdig Event dissector crash

CVE-2021-4182

    RFC 7468 dissector crash

CVE-2021-4184

    BitTorrent DHT dissector infinite loop

CVE-2021-4185

    RTMPT dissector infinite loop

CVE-2021-4186

    Gryphon dissector crash

CVE-2021-4190

    Kafka dissector large loop DoS

CVE-2022-0581

    CMS protocol dissector crash

CVE-2022-0582

    CSN.1 protocol dissector unaligned access

CVE-2022-0583

    PVFS protocol dissector crash

CVE-2022-0585

    Large loops in multiple dissectors

CVE-2022-0586

    RTMPT protocol dissector infinite loop

CVE-2022-3190

    F5 Ethernet Trailer dissector infinite loop

CVE-2022-4344

    Kafka protocol dissector memory exhaustion

CVE-2022-4345

    Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors

CVE-2023-0411

    Excessive loops in the BPv6, NCP and RTPS protocol dissectors

CVE-2023-0412

    TIPC dissector crash

CVE-2023-0413

    Dissection engine bug DoS

CVE-2023-0415

    iSCSI dissector crash

CVE-2023-0416

    GNW dissector crash

CVE-2023-0417

    NFS dissector memory leak

CVE-2023-0666

    RTPS parsing heap overflow

CVE-2023-0667

    MSMMS dissector buffer overflow

CVE-2023-0668

    IEEE C37.118 Synchrophasor dissector crash

CVE-2023-1161

    ISO 15765 dissector crash

CVE-2023-1992

    RPCoRDMA dissector crash

CVE-2023-1993

    LISP dissector large loop

CVE-2023-1994

    GQUIC dissector crash

CVE-2023-2855

    Candump log parser crash

CVE-2023-2856

    VMS TCPIPtrace file parser crash

CVE-2023-2858

    NetScaler file parser crash

CVE-2023-2879

    GDSDB dissector infinite loop

CVE-2023-2906

    CP2179 dissector crash

CVE-2023-2952

    XRA dissector infinite loop

CVE-2023-3648

    Kafka dissector crash

CVE-2023-3649

    iSCSI dissector crash

CVE-2023-4511

    BT SDP dissector infinite loop

CVE-2023-4512

    CBOR dissector crash

CVE-2023-4513

    BT SDP dissector memory leak

CVE-2023-6175

    NetScreen file parser crash

CVE-2024-0208

    GVCP dissector crash

CVE-2024-0209

    IEEE 1609.2 dissector crash

CVE-2024-0211

    DOCSIS dissector crash

CVE-2024-2955

    T.38 dissector crash

CVE-2024-4853

    Editcap byte chopping crash

CVE-2024-4854

    MONGO dissector infinite loop

CVE-2024-8250

    NTLMSSP dissector crash

CVE-2024-8645

    SPRT dissector crash

For Debian 11 bullseye, these problems have been fixed in version
3.4.16-0+deb11u1.

We recommend that you upgrade your wireshark packages.

For the detailed security status of wireshark please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/wireshark

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
