CVE-2021-22173

CWE-401Memory LeakCWE-400Uncontrolled Resource Consumption6 documents6 sources
Severity
7.5HIGH
EPSS
0.5%
top 34.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Wireshark WiresharkTHE Wireshark Foundation WiresharkFedoraproject Fedora+1 more
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

NVDwireshark/wireshark3.4.03.4.3
Debianwireshark< 3.4.3-1+3
CVEListV5the_wireshark_foundation/wireshark>=3.4.0, <3.4.3

Also affects: Fedora 32, 33

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-mxrc-pw88-9mfj: Memory leak in USB HID dissector in Wireshark 32022-05-24
OSV
CVE-2021-22173: Memory leak in USB HID dissector in Wireshark 32021-02-17
CVEList
CVE-2021-22173: Memory leak in USB HID dissector in Wireshark 32021-02-17

📋Vendor Advisories

2
Red Hat
wireshark: USB HID dissector memory leak2021-01-29
Debian
CVE-2021-22173: wireshark - Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of se...2021