SB2024080692 - Amazon Linux AMI update for wireshark
Published: August 6, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 22 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-39920)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the IPPUSB dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
2) Input validation error (CVE-ID: CVE-2021-39921)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Modbus dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
3) Input validation error (CVE-ID: CVE-2021-39922)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the C12.22 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
4) Infinite loop (CVE-ID: CVE-2021-39923)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the PNRP dissector. A remote attacker can send specially crafted packets through the application, consume all available system resources and perform a denial of service (DoS) attack.5) Infinite loop (CVE-ID: CVE-2021-39924)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application, consume all available system resources and perform a denial of service (DoS) attack.
6) Input validation error (CVE-ID: CVE-2021-39925)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth SDP dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
7) Input validation error (CVE-ID: CVE-2021-39926)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth HCI_ISO dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2021-39928)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the IEEE 802.11 dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
9) Input validation error (CVE-ID: CVE-2021-39929)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation in the Bluetooth DHT dissector. A remote attacker can send specially crafted packets through the application and perform a denial of service (DoS) attack.
10) Input validation error (CVE-ID: CVE-2021-4181)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Sysdig Event dissector. A remote attacker can send specially crafted traffic over the network and perform a denial of service (DoS) attack.
11) Infinite loop (CVE-ID: CVE-2021-4182)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RFC 7468 file parser. A remote attacker can trick the victim to open a specially crafted packet trace file and consume excessive CPU resources.
12) Infinite loop (CVE-ID: CVE-2021-4184)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in BitTorrent DHT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
13) Infinite loop (CVE-ID: CVE-2021-4185)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
14) Input validation error (CVE-ID: CVE-2021-4186)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Gryphon dissector. A remote attacker can pass specially crafted traffic through the network and perform a denial of service (DoS) attack.
15) Infinite loop (CVE-ID: CVE-2021-4190)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in Kafka protocol dissector. A remote attacker can send specially crafted traffic over the network, consume all available system resources and cause denial of service conditions.
16) Input validation error (CVE-ID: CVE-2022-0581)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CMS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
17) Input validation error (CVE-ID: CVE-2022-0582)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in CSN.1 dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
18) Input validation error (CVE-ID: CVE-2022-0583)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in PVFS dissector. A remote attacker can send specially crafted packets over the network and perform a denial of service (DoS) attack.
19) Infinite loop (CVE-ID: CVE-2022-0585)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to large loops in multiple dissectors including AMP, ATN-ULCS and possibly other ASN.1 PER dissectors, BP, GDSDB, OpenFlow v5, P_MUL, SoulSeek, TDS, WBXML, WSP and possibly other WAP dissectors, and ZigBee ZCL. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.
20) Infinite loop (CVE-ID: CVE-2022-0586)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in RTMPT dissector. A remote attacker can send specially crafted packets over the network, consume all available system resources and cause denial of service conditions.
21) Infinite loop (CVE-ID: CVE-2022-3190)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the F5 Ethernet Trailer dissector. A remote attacker can consume all available system resources and cause denial of service conditions.
22) Input validation error (CVE-ID: CVE-2022-3725)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in OPUS dissector. A remote attacker can send specially crafted traffic to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.