CVE-2021-4184

CWE-8358 documents8 sources

Severity

7.5HIGH

EPSS

0.3%

top 45.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Wireshark Foundation Wireshark Debian Debian Linux +3 more

Timeline

PublishedDec 30

Latest updateNov 29

Description

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶Debianwireshark< 3.4.16-0+deb11u1+3

▶NVDwireshark/wireshark3.4.0 — 3.4.10+1

▶CVEListV5wireshark_foundation/wireshark=3.6.0, >=3.4.0, <3.4.10+1

▶NVDoracle/http_server12.2.1.3.0, 12.2.1.4.0+1

▶NVDoracle/zfs_storage_appliance_kit8.8

Also affects: Debian Linux 9.0, Fedora 34, 35

🔴Vulnerability Details

GHSA

GHSA-g3fh-c7h3-x56j: Infinite loop in the BitTorrent DHT dissector in Wireshark 3↗2021-12-31

▶

CVEList

CVE-2021-4184: Infinite loop in the BitTorrent DHT dissector in Wireshark 3↗2021-12-30

▶

OSV

CVE-2021-4184: Infinite loop in the BitTorrent DHT dissector in Wireshark 3↗2021-12-30

▶

📋Vendor Advisories

Chrome

Stable Channel Update for Desktop: CVE-2022-4183↗2022-11-29

▶

Red Hat

wireshark: BitTorrent DHT dissector infinite loop↗2021-12-29

▶

Microsoft

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file↗2021-12-14

▶

Debian

CVE-2021-4184: wireshark - Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3....↗2021

▶