CVE-2021-22191
published 2021-03-15CVE-2021-22191: Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | wireshark | < wireshark 3.4.4-1 (bookworm) | wireshark 3.4.4-1 (bookworm) |
| oracle | zfs_storage_appliance | — | — |
| the_wireshark_foundation | wireshark | — | — |
| the_wireshark_foundation | wireshark | — | — |
| wireshark | wireshark | >= 0 < 3.4.4-1 | 3.4.4-1 |
| wireshark | wireshark | >= 0 < 3.4.4-1 | 3.4.4-1 |
| wireshark | wireshark | >= 0 < 3.4.4-1 | 3.4.4-1 |
| wireshark | wireshark | >= 0 < 3.4.4-1 | 3.4.4-1 |
| wireshark | wireshark | 3.2.0 – 3.2.11 | — |
| wireshark | wireshark | 3.4.0 – 3.4.3 | — |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH