CVE-2021-4181 — Out-of-bounds Read in Wireshark

CWE-125 — Out-of-bounds Read CWE-74 — Injection CWE-20 — Improper Input Validation7 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.2%

top 60.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark Debian Linux +3 more

Timeline

PublishedDec 30

Latest updateDec 31

Description

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶NVDwireshark/wireshark3.4.0 — 3.4.11+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark=3.6.0, >=3.4.0, <3.4.10+1

▶NVDoracle/http_server12.2.1.3.0, 12.2.1.4.0+1

▶NVDoracle/zfs_storage_appliance_kit8.8

Also affects: Debian Linux 9.0, Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-jr2g-cv62-4vcw: Crash in the Sysdig Event dissector in Wireshark 3↗2021-12-31

▶

CVEList

CVE-2021-4181: Crash in the Sysdig Event dissector in Wireshark 3↗2021-12-30

▶

OSV

CVE-2021-4181: Crash in the Sysdig Event dissector in Wireshark 3↗2021-12-30

▶

📋Vendor Advisories

Red Hat

wireshark: Sysdig Event dissector crash↗2021-12-29

▶

Microsoft

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file↗2021-12-14

▶

Debian

CVE-2021-4181: wireshark - Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allow...↗2021

▶