CVE-2021-39921NULL Pointer Dereference in Wireshark

CWE-476NULL Pointer Dereference7 documents7 sources
Severity
7.5HIGHNVD
EPSS
1.3%
top 19.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WiresharkWireshark Foundation WiresharkDebian Linux+1 more
Timeline
PublishedNov 19
Latest updateNov 20

Description

NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 3.4.10-0+deb11u1+3
NVDwireshark/wireshark3.2.03.2.17+1
CVEListV5wireshark_foundation/wireshark>=3.2.0, <3.2.18, >=3.4.0, <3.4.10+1

Also affects: Debian Linux 9.0, Fedora 34, 35

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-5rpm-jh2v-38p6: NULL pointer exception in the Modbus dissector in Wireshark 32021-11-20
CVEList
CVE-2021-39921: NULL pointer exception in the Modbus dissector in Wireshark 32021-11-19
OSV
CVE-2021-39921: NULL pointer exception in the Modbus dissector in Wireshark 32021-11-19

📋Vendor Advisories

3
Red Hat
wireshark: modbus dissector crash2021-11-17
Microsoft
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file2021-11-09
Debian
CVE-2021-39921: wireshark - NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3...2021
CVE-2021-39921 — NULL Pointer Dereference in Wireshark | cvebase