Vulnerabilities related to The Wireshark Foundation - Wireshark
cve-2021-22235
Vulnerability from cvelistv5
Published
2021-07-20 00:00
Modified
2024-08-03 18:37
Summary
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
References
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | Version: >=3.4.0, <3.4.7; Version: >=3.2.0, <3.2.15
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:18.219Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-05.html", }, { tags: [ "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17462", }, { tags: [ "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json", }, { name: "DSA-5019", tags: [ "vendor-advisory", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5019", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", tags: [ "mailing-list", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html", }, { name: "GLSA-202210-04", tags: [ "vendor-advisory", "x_transferred", ], url: "https://security.gentoo.org/glsa/202210-04", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.7", }, { status: "affected", version: ">=3.2.0, <3.2.15", }, ], }, ], descriptions: [ { lang: "en", value: "Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Mismatched memory management routines in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-16T00:00:00", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", 
}, references: [ { url: "https://www.wireshark.org/security/wnpa-sec-2021-05.html", }, { url: "https://gitlab.com/wireshark/wireshark/-/issues/17462", }, { url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json", }, { name: "DSA-5019", tags: [ "vendor-advisory", ], url: "https://www.debian.org/security/2021/dsa-5019", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", tags: [ "mailing-list", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html", }, { name: "GLSA-202210-04", tags: [ "vendor-advisory", ], url: "https://security.gentoo.org/glsa/202210-04", }, ], }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22235", datePublished: "2021-07-20T00:00:00", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T18:37:18.219Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26420
Vulnerability from cvelistv5
Published
2020-12-11 17:20
Modified
2024-08-04 15:56
Summary
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2020-18.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/16994 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202101-12 | vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/ | vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | Version: 3.4.0; Version: >= 3.2.0 to < 3.2.9
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:56:04.825Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-18.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/16994", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: "3.4.0", }, { status: "affected", version: ">= 3.2.0 to < 3.2.9", }, ], }, ], descriptions: [ { lang: "en", value: "Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: 
"REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing release of memory after effective lifetime in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:19", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-18.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/16994", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2020-26420", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: "3.4.0", }, { version_value: ">= 3.2.0 to < 3.2.9", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via 
packet injection or crafted capture file.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing release of memory after effective lifetime in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2020-18.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2020-18.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/16994", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/16994", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json", }, { name: "GLSA-202101-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-12", }, { name: "FEDORA-2021-f3011da665", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2020-26420", datePublished: "2020-12-11T17:20:55", dateReserved: "2020-10-01T00:00:00", dateUpdated: "2024-08-04T15:56:04.825Z", state: "PUBLISHED", }, 
dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22174
Vulnerability from cvelistv5
Published
2021-02-17 14:24
Modified
2024-08-03 18:37
Summary
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2021-02.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/17165 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json | x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/ | vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
https://security.gentoo.org/glsa/202107-21 | vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | Version: >=3.4.0, <3.4.3
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:17.907Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-02.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17165", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json", }, { name: "FEDORA-2021-f22ce64b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/", }, { name: "FEDORA-2021-5522a34aa0", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.3", }, ], }, ], descriptions: [ { lang: "en", value: "Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: 
"3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Uncontrolled memory allocation in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-09T08:08:23", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-02.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17165", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json", }, { name: "FEDORA-2021-f22ce64b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/", }, { name: "FEDORA-2021-5522a34aa0", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-21", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2021-22174", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: ">=3.4.0, <3.4.3", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 
3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Uncontrolled memory allocation in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2021-02.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2021-02.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/17165", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/17165", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json", }, { name: "FEDORA-2021-f22ce64b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/", }, { name: "FEDORA-2021-5522a34aa0", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-21", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22174", datePublished: "2021-02-17T14:24:34", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T18:37:17.907Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22222
Vulnerability from cvelistv5
Published
2021-06-07 12:01
Modified
2024-08-03 18:37
Summary
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2021-05.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/merge_requests/3130 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202107-21 | vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC
https://www.debian.org/security/2021/dsa-5019 | vendor-advisory, x_refsource_DEBIAN
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | Version: >=3.4.0, <3.4.6
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:18.527Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-05.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-21", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5019", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5019", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.6", }, ], }, ], descriptions: [ { lang: "en", value: "Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Loop with unreachable exit condition ('infinite loop') in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-11T11:06:18", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ 
"x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-05.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-21", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5019", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5019", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2021-22222", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: ">=3.4.0, <3.4.6", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Loop with unreachable exit condition ('infinite loop') in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2021-05.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2021-05.html", }, { name: 
"https://gitlab.com/wireshark/wireshark/-/merge_requests/3130", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json", }, { name: "GLSA-202107-21", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-21", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5019", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5019", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22222", datePublished: "2021-06-07T12:01:14", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T18:37:18.527Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26419
Vulnerability from cvelistv5
Published
2020-12-11 17:17
Modified
2024-08-04 15:56
Summary
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2020-19.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/17032 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202101-12 | vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/ | vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | Version: 3.4.0
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:56:04.280Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-19.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17032", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: "3.4.0", }, ], }, ], descriptions: [ { lang: "en", value: "Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: 
"3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing release of memory after effective lifetime in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:19", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-19.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17032", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2020-26419", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: "3.4.0", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", 
baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing release of memory after effective lifetime in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2020-19.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2020-19.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/17032", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/17032", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json", }, { name: "GLSA-202101-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-12", }, { name: "FEDORA-2021-f3011da665", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2020-26419", datePublished: "2020-12-11T17:17:07", dateReserved: "2020-10-01T00:00:00", dateUpdated: "2024-08-04T15:56:04.280Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26421
Vulnerability from cvelistv5
Published
2020-12-11 17:25
Modified
2024-08-04 15:56
Summary
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2020-17.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/16958 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202101-12 | vendor-advisory, x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html | mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/ | vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | 3.4.0; >= 3.2.0 to < 3.2.9
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:56:04.704Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-17.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/16958", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: "3.4.0", }, { status: "affected", version: ">= 3.2.0 to < 3.2.9", }, ], }, ], descriptions: [ { lang: "en", value: "Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.", }, ], metrics: 
[ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer over-read in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:20", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-17.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/16958", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2020-26421", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { 
product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: "3.4.0", }, { version_value: ">= 3.2.0 to < 3.2.9", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer over-read in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2020-17.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2020-17.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/16958", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/16958", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json", }, { name: "GLSA-202101-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-12", }, { name: "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html", }, { name: "FEDORA-2021-f3011da665", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { 
name: "FEDORA-2021-138674557c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2020-26421", datePublished: "2020-12-11T17:25:09", dateReserved: "2020-10-01T00:00:00", dateUpdated: "2024-08-04T15:56:04.704Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22191
Vulnerability from cvelistv5
Published
2021-03-15 17:48
Modified
2024-08-03 18:37
Summary
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via packet injection or crafted capture file.
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2021-03.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/17232 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json | x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
https://security.gentoo.org/glsa/202107-21 | vendor-advisory, x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html | mailing-list, x_refsource_MLIST
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | >=3.4.0, <3.4.4; >=3.2.0, <3.2.12
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:18.230Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-03.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17232", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-21", }, { name: "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.4", }, { status: "affected", version: ">=3.2.0, <3.2.12", }, ], }, ], credits: [ { lang: "en", value: "Lukas Euler", }, ], descriptions: [ { lang: "en", value: "Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "External control of file name or path in 
Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-31T23:06:13", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-03.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17232", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-21", }, { name: "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2021-22191", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: ">=3.4.0, <3.4.4", }, { version_value: ">=3.2.0, <3.2.12", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, credit: [ { lang: "eng", value: "Lukas Euler", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", 
version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "External control of file name or path in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2021-03.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2021-03.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/17232", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/17232", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-21", }, { name: "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22191", datePublished: "2021-03-15T17:48:04", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T18:37:18.230Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22207
Vulnerability from cvelistv5
Published
2021-04-23 17:32
Modified
2024-08-03 18:37
Summary
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2021-04.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/17331 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json | x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/ | vendor-advisory, x_refsource_FEDORA
https://security.gentoo.org/glsa/202107-21 | vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuoct2021.html | x_refsource_MISC
https://www.debian.org/security/2021/dsa-5019 | vendor-advisory, x_refsource_DEBIAN
https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html | mailing-list, x_refsource_MLIST
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | >=3.4.0, <3.4.5; >=3.2.0, <3.2.13
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:18.330Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-04.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17331", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json", }, { name: "FEDORA-2021-6e0508d69d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/", }, { name: "FEDORA-2021-67691ad99d", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-21", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5019", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2021/dsa-5019", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.5", }, { status: "affected", version: ">=3.2.0, <3.2.13", }, ], }, ], descriptions: [ { lang: "en", value: "Excessive memory consumption in MS-WSP 
dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Uncontrolled memory allocation in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-12-26T21:06:20", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-04.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17331", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json", }, { name: "FEDORA-2021-6e0508d69d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/", }, { name: "FEDORA-2021-67691ad99d", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-21", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5019", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2021/dsa-5019", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", 
tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2021-22207", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: ">=3.4.0, <3.4.5", }, { version_value: ">=3.2.0, <3.2.13", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Uncontrolled memory allocation in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2021-04.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2021-04.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/17331", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/17331", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json", }, { name: "FEDORA-2021-6e0508d69d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/", }, { 
name: "FEDORA-2021-67691ad99d", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/", }, { name: "GLSA-202107-21", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-21", }, { name: "https://www.oracle.com/security-alerts/cpuoct2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { name: "DSA-5019", refsource: "DEBIAN", url: "https://www.debian.org/security/2021/dsa-5019", }, { name: "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22207", datePublished: "2021-04-23T17:32:51", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T18:37:18.330Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26422
Vulnerability from cvelistv5
Published
2020-12-21 17:15
Modified
2024-08-04 15:56
Summary
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2020-20.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/17073 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202101-12 | vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | >=3.4.0, <3.4.2
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:56:04.417Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-20.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17073", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-12", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.2", }, ], }, ], descriptions: [ { lang: "en", value: "Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Buffer copy without checking size of input ('classic buffer overflow') in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:20", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-20.html", }, { tags: [ "x_refsource_MISC", ], url: 
"https://gitlab.com/wireshark/wireshark/-/issues/17073", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-12", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2020-26422", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: ">=3.4.0, <3.4.2", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Buffer copy without checking size of input ('classic buffer overflow') in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2020-20.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2020-20.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/17073", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/17073", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json", refsource: "CONFIRM", url: 
"https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json", }, { name: "GLSA-202101-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-12", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2020-26422", datePublished: "2020-12-21T17:15:13", dateReserved: "2020-10-01T00:00:00", dateUpdated: "2024-08-04T15:56:04.417Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-22173
Vulnerability from cvelistv5
Published
2021-02-17 14:26
Modified
2024-08-03 18:37
Summary
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2021-01.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/17124 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json | x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/ | vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
https://security.gentoo.org/glsa/202107-21 | vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | >=3.4.0, <3.4.3
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T18:37:17.473Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-01.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17124", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json", }, { name: "FEDORA-2021-f22ce64b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/", }, { name: "FEDORA-2021-5522a34aa0", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202107-21", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: ">=3.4.0, <3.4.3", }, ], }, ], descriptions: [ { lang: "en", value: "Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", 
version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing release of memory after effective lifetime in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-07-09T08:08:20", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2021-01.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/17124", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json", }, { name: "FEDORA-2021-f22ce64b3b", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/", }, { name: "FEDORA-2021-5522a34aa0", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202107-21", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2021-22173", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: ">=3.4.0, <3.4.3", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", 
availabilityImpact: "LOW", baseScore: 3.6, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing release of memory after effective lifetime in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2021-01.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2021-01.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/17124", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/17124", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json", }, { name: "FEDORA-2021-f22ce64b3b", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/", }, { name: "FEDORA-2021-5522a34aa0", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, { name: "GLSA-202107-21", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202107-21", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2021-22173", datePublished: "2021-02-17T14:26:20", dateReserved: "2021-01-05T00:00:00", dateUpdated: "2024-08-03T18:37:17.473Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-26418
Vulnerability from cvelistv5
Published
2020-12-11 17:27
Modified
2024-08-04 15:56
Summary
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
References
URL | Tags
---|---
https://www.wireshark.org/security/wnpa-sec-2020-16.html | x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/16739 | x_refsource_MISC
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json | x_refsource_CONFIRM
https://security.gentoo.org/glsa/202101-12 | vendor-advisory, x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html | mailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/ | vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/ | vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpuApr2021.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
The Wireshark Foundation | Wireshark | 3.4.0; >=3.2.0 to <3.2.9
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:56:04.643Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-16.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/16739", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Wireshark", vendor: "The Wireshark Foundation", versions: [ { status: "affected", version: "3.4.0", }, { status: "affected", version: ">=3.2.0 to <3.2.9", }, ], }, ], descriptions: [ { lang: "en", value: "Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.", }, ], metrics: [ { cvssV3_1: { 
attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3.1, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "Missing release of memory after effective lifetime in Wireshark", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2021-06-14T17:20:19", orgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", shortName: "GitLab", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://www.wireshark.org/security/wnpa-sec-2020-16.html", }, { tags: [ "x_refsource_MISC", ], url: "https://gitlab.com/wireshark/wireshark/-/issues/16739", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json", }, { name: "GLSA-202101-12", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202101-12", }, { name: "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html", }, { name: "FEDORA-2021-f3011da665", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { tags: [ "x_refsource_MISC", ], url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@gitlab.com", ID: "CVE-2020-26418", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: 
[ { product: { product_data: [ { product_name: "Wireshark", version: { version_data: [ { version_value: "3.4.0", }, { version_value: ">=3.2.0 to <3.2.9", }, ], }, }, ], }, vendor_name: "The Wireshark Foundation", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.", }, ], }, impact: { cvss: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 3, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L", version: "3.1", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Missing release of memory after effective lifetime in Wireshark", }, ], }, ], }, references: { reference_data: [ { name: "https://www.wireshark.org/security/wnpa-sec-2020-16.html", refsource: "MISC", url: "https://www.wireshark.org/security/wnpa-sec-2020-16.html", }, { name: "https://gitlab.com/wireshark/wireshark/-/issues/16739", refsource: "MISC", url: "https://gitlab.com/wireshark/wireshark/-/issues/16739", }, { name: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json", refsource: "CONFIRM", url: "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json", }, { name: "GLSA-202101-12", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202101-12", }, { name: "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html", }, { name: "FEDORA-2021-f3011da665", refsource: "FEDORA", url: 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/", }, { name: "FEDORA-2021-138674557c", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/", }, { name: "https://www.oracle.com/security-alerts/cpuApr2021.html", refsource: "MISC", url: "https://www.oracle.com/security-alerts/cpuApr2021.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "ceab7361-8a18-47b1-92ba-4d7d25f6715a", assignerShortName: "GitLab", cveId: "CVE-2020-26418", datePublished: "2020-12-11T17:27:05", dateReserved: "2020-10-01T00:00:00", dateUpdated: "2024-08-04T15:56:04.643Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }