CVE-2021-22174

CWE-770Allocation without LimitsCWE-400Uncontrolled Resource Consumption6 documents6 sources
Severity
7.5HIGH
EPSS
0.2%
top 59.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Wireshark WiresharkTHE Wireshark Foundation WiresharkFedoraproject Fedora+1 more
Timeline
PublishedFeb 17
Latest updateMay 24

Description

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

NVDwireshark/wireshark3.4.03.4.3
Debianwireshark< 3.4.3-1+3
CVEListV5the_wireshark_foundation/wireshark>=3.4.0, <3.4.3

Also affects: Fedora 32, 33

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-m8vf-6qcv-248x: Crash in USB HID dissector in Wireshark 32022-05-24
OSV
CVE-2021-22174: Crash in USB HID dissector in Wireshark 32021-02-17
CVEList
CVE-2021-22174: Crash in USB HID dissector in Wireshark 32021-02-17

📋Vendor Advisories

2
Red Hat
wireshark: USB HID dissector could crash2021-01-29
Debian
CVE-2021-22174: wireshark - Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service ...2021