CVE-2021-4190 — Excessive Iteration in Wireshark

CWE-834 — Excessive Iteration CWE-20 — Improper Input Validation CWE-772 — Missing Release of Resource after Effective Lifetime9 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 68.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Wireshark Foundation Wireshark Fedoraproject Fedora

Timeline

PublishedDec 30

Latest updateDec 31

Description

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶NVDwireshark/wireshark3.4.0 — 3.4.12+1

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶CVEListV5wireshark_foundation/wireshark=3.6.0

Also affects: Fedora 34, 35

Patches

Patch: gitlab.com ↗Patch: gitlab.com ↗

🔴Vulnerability Details

GHSA

GHSA-pmc4-9968-jrp7: Large loop in the Kafka dissector in Wireshark 3↗2021-12-31

▶

CVEList

CVE-2021-4190: Large loop in the Kafka dissector in Wireshark 3↗2021-12-30

▶

OSV

CVE-2021-4190: Large loop in the Kafka dissector in Wireshark 3↗2021-12-30

▶

📋Vendor Advisories

Red Hat

wireshark: Kafka dissector infinite loop↗2021-12-29

▶

Microsoft

Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file↗2021-12-14

▶

Microsoft

Microsoft SharePoint Server Spoofing Vulnerability↗2021-09-14

▶

Microsoft

Microsoft SharePoint Server Spoofing Vulnerability↗2021-09-14

▶

Debian

CVE-2021-4190: wireshark - Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service vi...↗2021

▶