CVE-2021-22207

Published: Apr 23, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

Affected (8)

Products: Wireshark: Wireshark · Fedoraproject: Fedora · Oracle: Zfs Storage Appliance Kit · +1 more

Show all products

Wireshark: Wireshark · Fedoraproject: Fedora · Oracle: Zfs Storage Appliance Kit · Debian: Debian Linux

1 product

1 product

1 product

Zfs Storage Appliance Kit

Debian

1 product

Debian Linux

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	From 3.2.0 to 3.2.12
Wireshark Wireshark	From 3.4.0 to 3.4.4

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33
Fedoraproject Fedora	Version 34

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Zfs Storage Appliance Kit	Version 8.8

Configuration D

3 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0
Debian Debian Linux	Version 11.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-770

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (18)

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json

Source: cve@gitlab.com

Third Party Advisory

https://gitlab.com/wireshark/wireshark/-/issues/17331

Source: cve@gitlab.com

ExploitThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html

Source: cve@gitlab.com

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/

Source: cve@gitlab.com

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/

Source: cve@gitlab.com

https://security.gentoo.org/glsa/202107-21

Source: cve@gitlab.com

Third Party Advisory

https://www.debian.org/security/2021/dsa-5019

Source: cve@gitlab.com

Third Party Advisory

https://www.oracle.com/security-alerts/cpuoct2021.html

Source: cve@gitlab.com

PatchThird Party Advisory

https://www.wireshark.org/security/wnpa-sec-2021-04.html

Source: cve@gitlab.com

Vendor Advisory

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json