CVE-2021-39922Classic Buffer Overflow in Wireshark

CWE-120Classic Buffer Overflow7 documents7 sources
Severity
7.5HIGHNVD
EPSS
4.6%
top 10.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WiresharkWireshark Foundation WiresharkDebian Linux+1 more
Timeline
PublishedNov 19
Latest updateMay 24

Description

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 3.4.10-0+deb11u1+3
NVDwireshark/wireshark3.2.03.2.17+1
CVEListV5wireshark_foundation/wireshark>=3.2.0, <3.2.18, >=3.4.0, <3.4.10+1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-xg58-j2w4-mjfm: Buffer overflow in the C122022-05-24
OSV
CVE-2021-39922: Buffer overflow in the C122021-11-19
CVEList
CVE-2021-39922: Buffer overflow in the C122021-11-19

📋Vendor Advisories

3
Red Hat
wireshark: C12.22 dissector crash2021-11-17
Microsoft
Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file2021-11-09
Debian
CVE-2021-39922: wireshark - Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to...2021
CVE-2021-39922 — Classic Buffer Overflow in Wireshark | cvebase