CVE-2021-39929 — Uncontrolled Recursion in Wireshark

CWE-674 — Uncontrolled Recursion9 documents8 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 63.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark Debian Linux +1 more

Timeline

PublishedNov 19

Latest updateJun 4

Description

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianwireshark/wireshark< 3.4.10-0+deb11u1+3

▶Ubuntuwireshark/wireshark< 2.6.10-1~ubuntu14.04.0~esm3+4

▶NVDwireshark/wireshark3.2.0 — 3.2.17+1

▶CVEListV5wireshark_foundation/wireshark>=3.2.0, <3.2.18, >=3.4.0, <3.4.10+1

Also affects: Debian Linux 10.0, 11.0, 9.0, Fedora 34, 35

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

OSV

wireshark vulnerabilities↗2025-06-04

▶

GHSA

GHSA-jcx2-5qw3-59p6: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3↗2022-05-24

▶

CVEList

CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3↗2021-11-19

▶

OSV

CVE-2021-39929: Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3↗2021-11-19

▶

📋Vendor Advisories

Ubuntu

Wireshark vulnerabilities↗2025-06-04

▶

Red Hat

wireshark: bluetooth DHT dissector crash↗2021-11-17

▶

Microsoft

Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file↗2021-11-09

▶

Debian

CVE-2021-39929: wireshark - Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4....↗2021

▶