From https://www.wireshark.org/docs/relnotes/wireshark-3.6.10.html:

* wnpa-sec-2022-09 Multiple dissector infinite loops.
* wnpa-sec-2022-10 Kafka dissector memory exhaustion.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=352d4b3e9ed26031a20cd27f32b1f61b88a0896c

commit 352d4b3e9ed26031a20cd27f32b1f61b88a0896c
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-12 16:13:53 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-12 16:13:53 +0000

    net-analyzer/wireshark: add 4.0.2

    Bug: https://bugs.gentoo.org/885511
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest | 1 +
 net-analyzer/wireshark/wireshark-4.0.2.ebuild | 309 ++++++++++++++++++++++++++
 2 files changed, 310 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=896c785ed42c204e91a92e5a27a570f7035ee0e3

commit 896c785ed42c204e91a92e5a27a570f7035ee0e3
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-12-12 16:01:41 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-12-12 16:01:41 +0000

    net-analyzer/wireshark: add 3.6.10

    Bug: https://bugs.gentoo.org/885511
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest | 1 +
 net-analyzer/wireshark/wireshark-3.6.10.ebuild | 269 +++++++++++++++++++++++++
 2 files changed, 270 insertions(+)
CVE-2022-4344 (https://www.wireshark.org/security/wnpa-sec-2022-10.html): Memory exhaustion in the Kafka protocol dissector in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allows denial of service via packet injection or crafted capture file.

CVE-2022-4345 (https://www.wireshark.org/security/wnpa-sec-2022-09.html): Infinite loops in the BPv6, OpenFlow, and Kafka protocol dissectors in Wireshark 4.0.0 to 4.0.1 and 3.6.0 to 3.6.9 allow denial of service via packet injection or crafted capture file.