CVE-2021-39928 — NULL Pointer Dereference in Wireshark

CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

7.5HIGHNVD

EPSS

1.3%

top 19.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark Debian Linux +1 more

Timeline

PublishedNov 18

Latest updateMay 24

Description

NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDwireshark/wireshark3.2.0 — 3.2.18+1

▶Debianwireshark/wireshark< 3.4.10-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark>=3.2.0, <3.2.18, >=3.4.0, <3.4.10+1

Also affects: Debian Linux 9.0, Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-3qp2-whc5-gp7w: NULL pointer exception in the IEEE 802↗2022-05-24

▶

OSV

CVE-2021-39928: NULL pointer exception in the IEEE 802↗2021-11-18

▶

CVEList

CVE-2021-39928: NULL pointer exception in the IEEE 802↗2021-11-18

▶

📋Vendor Advisories

Red Hat

wireshark: IEEE 802.11 dissector crash↗2021-11-17

▶

Microsoft

NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file↗2021-11-09

▶

Debian

CVE-2021-39928: wireshark - NULL pointer exception in the IEEE 802.11 dissector in Wireshark 3.4.0 to 3.4.9 ...↗2021

▶