CVE-2021-22222

CWE-8357 documents7 sources
Severity
7.5HIGH
EPSS
0.2%
top 59.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Wireshark WiresharkTHE Wireshark Foundation WiresharkDebian Debian Linux+3 more
Timeline
PublishedJun 7
Latest updateMay 24

Description

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

Debianwireshark< 3.4.10-0+deb11u1+3
NVDwireshark/wireshark3.4.03.4.5
CVEListV5the_wireshark_foundation/wireshark>=3.4.0, <3.4.6
NVDoracle/instantis_enterprisetrack17.1, 17.2, 17.3+2

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: gitlab.comPatch: www.oracle.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-jpq9-r35r-969q: Infinite loop in DVB-S2-BB dissector in Wireshark 32022-05-24
CVEList
CVE-2021-22222: Infinite loop in DVB-S2-BB dissector in Wireshark 32021-06-07
OSV
CVE-2021-22222: Infinite loop in DVB-S2-BB dissector in Wireshark 32021-06-07

📋Vendor Advisories

3
Microsoft
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file2021-06-08
Red Hat
wireshark: DVB-S2-BB dissector infinite loop2021-06-03
Debian
CVE-2021-22222: wireshark - Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial o...2021