PT-2021-5147 · Wireshark+2

Published: 2021-11-17 · Updated: 2024-06-15 · CVE-2021-39920

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Wireshark versions 3.4.0 through 3.4.9

Description

The issue is related to a NULL pointer exception in the IPPUSB dissector, which can be exploited to cause a denial of service via packet injection or crafted capture files. This can be achieved by a remote attacker, allowing them to disrupt the service. The estimated number of potentially affected devices worldwide is not specified.

Recommendations

For Wireshark versions 3.4.0 through 3.4.9, consider disabling the IPPUSB dissector as a temporary workaround until a patch is available. Restrict access to crafted capture files and avoid using the affected dissector to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3354
ALT-PU-2022-1096
ALT-PU-2022-1368
ALT-PU-2022-1599
AZL-7408
BDU:2021-05943
CVE-2021-39920
DSA-5019-1
MGASA-2021-0518
OPENSUSE-SU-2021:1566-1
OPENSUSE-SU-2021:3938-1
OPENSUSE-SU-2021_1566-1
OPENSUSE-SU-2021_3938-1
OPENSUSE-SU-2024:11641-1
SUSE-SU-2021:3938-1
SUSE-SU-2021_3938-1

Affected Products

Alt Linux
Suse
Wireshark