First published: Wed Jan 11 2023
Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or a crafted capture file.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
Wireshark Wireshark | >=3.0.0 <3.6.10 | |
Wireshark Wireshark | >=4.0.0 <4.0.2 | |
CVE-2022-4344 is a vulnerability that allows memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9, leading to denial of service through packet injection or a crafted capture file.
The severity of CVE-2022-4344 is medium, with a severity value of 4.3.
CVE-2022-4344 affects Wireshark versions 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9.
To fix CVE-2022-4344, it is recommended to update to a version of Wireshark that is not affected, such as version 4.0.2 or higher for Wireshark 4.x and version 3.6.10 or higher for Wireshark 3.6.x.
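To check installed versions against the ranges on this page, the following added example (not part of the original advisory or of the Wireshark project) classifies version strings. It keeps the description's ranges and the table's wider `>=3.0.0` range separate, because the two differ on this page; the inventory lines, host names and status labels are constructed for illustration.

```python
import re

# Half-open [low, high) ranges taken from this page.
# The description names 3.6.0-3.6.9 and 4.0.0-4.0.1; the table lists the
# wider ">=3.0.0 <3.6.10". Both are kept so the caller sees which matched.
DESCRIPTION_RANGES = [((3, 6, 0), (3, 6, 10)), ((4, 0, 0), (4, 0, 2))]
TABLE_RANGES = [((3, 0, 0), (3, 6, 10)), ((4, 0, 0), (4, 0, 2))]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract the first x.y.z triple from a banner or package version string."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError(f"no x.y.z version in {text!r}")
    # Compare as integers: as strings, "3.6.10" would sort before "3.6.9".
    return tuple(int(part) for part in match.groups())


def _in_ranges(version, ranges):
    return any(low <= version < high for low, high in ranges)


def classify(text):
    """Return 'affected', 'affected-per-table' or 'not-listed' (labels are assumptions)."""
    version = parse_version(text)
    if _in_ranges(version, DESCRIPTION_RANGES):
        return "affected"
    if _in_ranges(version, TABLE_RANGES):
        return "affected-per-table"
    return "not-listed"


# Constructed sample inventory: "<host> <version string>" per line.
SAMPLE_INVENTORY = """\
ws-lab-01 4.0.1
ws-lab-02 4.0.2
soc-jump 1:3.6.9-1
old-build 3.4.8
"""


def triage(inventory):
    """Map each host in the inventory text to its classification."""
    result = {}
    for line in inventory.splitlines():
        host, _, version = line.partition(" ")
        result[host] = classify(version)
    return result
```

Distribution packages can carry a backported fix under an older upstream version number, so confirm an `affected` result against the distribution's own advisory.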
You can find more information about CVE-2022-4344 at the following references: [Reference 1](https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4344.json), [Reference 2](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RDZMWIKH3L5JQZC6GSVOJ3N5UXNQPJGQ/), [Reference 3](https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SGWIW6K64PKC375YAONYXKIVT2FDEDV3/)