CVE-2022-0582

Published: Feb 14, 2022Modified: Nov 3, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file

Affected (6)

Products: Wireshark: Wireshark · Fedoraproject: Fedora · Debian: Debian Linux

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	From 3.4.0 to 3.4.12
Wireshark Wireshark	Version 3.6.0
Wireshark Wireshark	Version 3.6.1

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-476

NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

References (15)

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/wireshark/wireshark/-/issues/17882

Source: cve@gitlab.com

ExploitIssue TrackingThird Party Advisory

https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html

Source: cve@gitlab.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HRJ24JRKLA6XMDKLGVTOPM5KBBU4UHLN/

Source: cve@gitlab.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3DZD2JU56ZI4XV2B3HGVGA5PXQDNA5T/

Source: cve@gitlab.com

https://security.gentoo.org/glsa/202210-04

Source: cve@gitlab.com

Third Party Advisory

https://www.wireshark.org/security/wnpa-sec-2022-04.html

Source: cve@gitlab.com

Issue TrackingVendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0582.json