No CVEs yet, so lets track this through a tracker bug instead:

for 4.0.3, from changes [0]

* EAP dissector crash.
* NFS dissector memory leak.
* Dissection engine crash.
* GNW dissector crash.
* iSCSI dissector crash.
* Multiple dissector excessive loops.
* TIPC dissector crash.

for 3.6.11, from changes [1]

* NFS dissector memory leak.
* Dissection engine crash.
* GNW dissector crash.
* iSCSI dissector crash.
* Multiple dissector excessive loops.
* TIPC dissector crash.

[0] https://www.wireshark.org/docs/relnotes/wireshark-4.0.3.html
[1] https://www.wireshark.org/docs/relnotes/wireshark-3.6.11.html