CVE-2021-39925Classic Buffer Overflow in Wireshark

CWE-120Classic Buffer Overflow7 documents7 sources
Severity
7.5HIGHNVD
EPSS
4.6%
top 10.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WiresharkWireshark Foundation WiresharkDebian Linux+1 more
Timeline
PublishedNov 19
Latest updateMay 24

Description

Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

Debianwireshark/wireshark< 3.4.10-0+deb11u1+3
NVDwireshark/wireshark3.2.03.2.17+1
CVEListV5wireshark_foundation/wireshark>=3.2.0, <3.2.18, >=3.4.0, <3.4.10+1

Also affects: Debian Linux 9.0, Fedora 34, 35

Patches

Patch: gitlab.comPatch: gitlab.com

🔴Vulnerability Details

3
GHSA
GHSA-cqr2-f5xh-xf23: Buffer overflow in the Bluetooth SDP dissector in Wireshark 32022-05-24
CVEList
CVE-2021-39925: Buffer overflow in the Bluetooth SDP dissector in Wireshark 32021-11-19
OSV
CVE-2021-39925: Buffer overflow in the Bluetooth SDP dissector in Wireshark 32021-11-19

📋Vendor Advisories

3
Red Hat
wireshark: bluetooth SDP dissector crash2021-11-17
Microsoft
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file2021-11-09
Debian
CVE-2021-39925: wireshark - Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3...2021
CVE-2021-39925 — Classic Buffer Overflow in Wireshark | cvebase