Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by The Wireshark Foundation
CVE-2021-22235 (GCVE-0-2021-22235)
Vulnerability from cvelistv5 – Published: 2021-07-20 00:00 – Updated: 2024-08-03 18:37
VLAI?
Summary
Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file
Severity ?
7.5 (High)
CWE
- Mismatched memory management routines in Wireshark
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.7
Affected: >=3.2.0, <3.2.15 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.219Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-05.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17462"
},
{
"tags": [
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json"
},
{
"name": "DSA-5019",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
},
{
"name": "GLSA-202210-04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202210-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.7"
},
{
"status": "affected",
"version": "\u003e=3.2.0, \u003c3.2.15"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crash in DNP dissector in Wireshark 3.4.0 to 3.4.6 and 3.2.0 to 3.2.14 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Mismatched memory management routines in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-16T00:00:00.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"url": "https://www.wireshark.org/security/wnpa-sec-2021-05.html"
},
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17462"
},
{
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22235.json"
},
{
"name": "DSA-5019",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
},
{
"name": "GLSA-202210-04",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202210-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22235",
"datePublished": "2021-07-20T00:00:00.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:37:18.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22222 (GCVE-0-2021-22222)
Vulnerability from cvelistv5 – Published: 2021-06-07 12:01 – Updated: 2024-08-03 18:37
VLAI?
Summary
Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file
Severity ?
7.5 (High)
CWE
- Loop with unreachable exit condition ('infinite loop') in Wireshark
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.6
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.527Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-05.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5019",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5019"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.6"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-11T11:06:18.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-05.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5019",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5019"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "\u003e=3.4.0, \u003c3.4.6"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Loop with unreachable exit condition (\u0027infinite loop\u0027) in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2021-05.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-05.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/merge_requests/3130"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json"
},
{
"name": "GLSA-202107-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5019",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5019"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22222",
"datePublished": "2021-06-07T12:01:14.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:37:18.527Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22207 (GCVE-0-2021-22207)
Vulnerability from cvelistv5 – Published: 2021-04-23 17:32 – Updated: 2024-08-03 18:37
VLAI?
Summary
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
Severity ?
5.5 (Medium)
CWE
- Uncontrolled memory allocation in Wireshark
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.5
Affected: >=3.2.0, <3.2.13 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.330Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-04.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17331"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json"
},
{
"name": "FEDORA-2021-6e0508d69d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/"
},
{
"name": "FEDORA-2021-67691ad99d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5019",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.5"
},
{
"status": "affected",
"version": "\u003e=3.2.0, \u003c3.2.13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled memory allocation in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-26T21:06:20.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-04.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17331"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json"
},
{
"name": "FEDORA-2021-6e0508d69d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/"
},
{
"name": "FEDORA-2021-67691ad99d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5019",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "\u003e=3.4.0, \u003c3.4.5"
},
{
"version_value": "\u003e=3.2.0, \u003c3.2.13"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled memory allocation in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2021-04.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-04.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17331",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17331"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json"
},
{
"name": "FEDORA-2021-6e0508d69d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/"
},
{
"name": "FEDORA-2021-67691ad99d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/"
},
{
"name": "GLSA-202107-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "DSA-5019",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-5019"
},
{
"name": "[debian-lts-announce] 20211226 [SECURITY] [DLA 2849-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22207",
"datePublished": "2021-04-23T17:32:51.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:37:18.330Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22191 (GCVE-0-2021-22191)
Vulnerability from cvelistv5 – Published: 2021-03-15 17:48 – Updated: 2024-08-03 18:37
VLAI?
Summary
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
Severity ?
6.3 (Medium)
CWE
- External control of file name or path in Wireshark
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.4
Affected: >=3.2.0, <3.2.12 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:18.230Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-03.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17232"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.4"
},
{
"status": "affected",
"version": "\u003e=3.2.0, \u003c3.2.12"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Lukas Euler"
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "External control of file name or path in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-31T23:06:13.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-03.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17232"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "\u003e=3.4.0, \u003c3.4.4"
},
{
"version_value": "\u003e=3.2.0, \u003c3.2.12"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Lukas Euler"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "External control of file name or path in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2021-03.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-03.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17232",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17232"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-21"
},
{
"name": "[debian-lts-announce] 20220331 [SECURITY] [DLA 2967-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22191",
"datePublished": "2021-03-15T17:48:04.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:37:18.230Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22173 (GCVE-0-2021-22173)
Vulnerability from cvelistv5 – Published: 2021-02-17 14:26 – Updated: 2024-08-03 18:37
VLAI?
Summary
Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
Severity ?
CWE
- Missing release of memory after effective lifetime in Wireshark
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:17.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-01.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17124"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json"
},
{
"name": "FEDORA-2021-f22ce64b3b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/"
},
{
"name": "FEDORA-2021-5522a34aa0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing release of memory after effective lifetime in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T08:08:20.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-01.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17124"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json"
},
{
"name": "FEDORA-2021-f22ce64b3b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/"
},
{
"name": "FEDORA-2021-5522a34aa0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "\u003e=3.4.0, \u003c3.4.3"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing release of memory after effective lifetime in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2021-01.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-01.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17124",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17124"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json"
},
{
"name": "FEDORA-2021-f22ce64b3b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/"
},
{
"name": "FEDORA-2021-5522a34aa0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22173",
"datePublished": "2021-02-17T14:26:20.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:37:17.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-22174 (GCVE-0-2021-22174)
Vulnerability from cvelistv5 – Published: 2021-02-17 14:24 – Updated: 2024-08-03 18:37
VLAI?
Summary
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
Severity ?
CWE
- Uncontrolled memory allocation in Wireshark
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T18:37:17.907Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-02.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17165"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json"
},
{
"name": "FEDORA-2021-f22ce64b3b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/"
},
{
"name": "FEDORA-2021-5522a34aa0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202107-21"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Uncontrolled memory allocation in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-09T08:08:23.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2021-02.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17165"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json"
},
{
"name": "FEDORA-2021-f22ce64b3b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/"
},
{
"name": "FEDORA-2021-5522a34aa0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202107-21"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2021-22174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "\u003e=3.4.0, \u003c3.4.3"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Uncontrolled memory allocation in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2021-02.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2021-02.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17165",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17165"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json"
},
{
"name": "FEDORA-2021-f22ce64b3b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/"
},
{
"name": "FEDORA-2021-5522a34aa0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "GLSA-202107-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202107-21"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2021-22174",
"datePublished": "2021-02-17T14:24:34.000Z",
"dateReserved": "2021-01-05T00:00:00.000Z",
"dateUpdated": "2024-08-03T18:37:17.907Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26422 (GCVE-0-2020-26422)
Vulnerability from cvelistv5 – Published: 2020-12-21 17:15 – Updated: 2024-08-04 15:56
VLAI?
Summary
Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file
Severity ?
CWE
- Buffer copy without checking size of input ('classic buffer overflow') in Wireshark
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
>=3.4.0, <3.4.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.417Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-20.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17073"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "\u003e=3.4.0, \u003c3.4.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:20.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-20.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17073"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-26422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "\u003e=3.4.0, \u003c3.4.2"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file"
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.6,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer copy without checking size of input (\u0027classic buffer overflow\u0027) in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-20.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-20.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17073",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17073"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26422.json"
},
{
"name": "GLSA-202101-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-26422",
"datePublished": "2020-12-21T17:15:13.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.417Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26418 (GCVE-0-2020-26418)
Vulnerability from cvelistv5 – Published: 2020-12-11 17:27 – Updated: 2024-08-04 15:56
VLAI?
Summary
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Severity ?
CWE
- Missing release of memory after effective lifetime in Wireshark
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
3.4.0
Affected: >=3.2.0 to <3.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-16.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16739"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "\u003e=3.2.0 to \u003c3.2.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing release of memory after effective lifetime in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:19.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-16.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16739"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-26418",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "3.4.0"
},
{
"version_value": "\u003e=3.2.0 to \u003c3.2.9"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing release of memory after effective lifetime in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-16.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-16.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/16739",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16739"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json"
},
{
"name": "GLSA-202101-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"name": "FEDORA-2021-f3011da665",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-26418",
"datePublished": "2020-12-11T17:27:05.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26421 (GCVE-0-2020-26421)
Vulnerability from cvelistv5 – Published: 2020-12-11 17:25 – Updated: 2024-08-04 15:56
VLAI?
Summary
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Severity ?
4.2 (Medium)
CWE
- Buffer over-read in Wireshark
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
3.4.0
Affected: >= 3.2.0 to < 3.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.704Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-17.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16958"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "\u003e= 3.2.0 to \u003c 3.2.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer over-read in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:20.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-17.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16958"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-26421",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "3.4.0"
},
{
"version_value": "\u003e= 3.2.0 to \u003c 3.2.9"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer over-read in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-17.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-17.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/16958",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16958"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json"
},
{
"name": "GLSA-202101-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html"
},
{
"name": "FEDORA-2021-f3011da665",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-26421",
"datePublished": "2020-12-11T17:25:09.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.704Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26420 (GCVE-0-2020-26420)
Vulnerability from cvelistv5 – Published: 2020-12-11 17:20 – Updated: 2024-08-04 15:56
VLAI?
Summary
Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Severity ?
CWE
- Missing release of memory after effective lifetime in Wireshark
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
3.4.0
Affected: >= 3.2.0 to < 3.2.9 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-18.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16994"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
},
{
"status": "affected",
"version": "\u003e= 3.2.0 to \u003c 3.2.9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing release of memory after effective lifetime in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:19.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-18.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16994"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-26420",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "3.4.0"
},
{
"version_value": "\u003e= 3.2.0 to \u003c 3.2.9"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing release of memory after effective lifetime in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-18.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-18.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/16994",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/16994"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json"
},
{
"name": "GLSA-202101-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "FEDORA-2021-f3011da665",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-26420",
"datePublished": "2020-12-11T17:20:55.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.825Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26419 (GCVE-0-2020-26419)
Vulnerability from cvelistv5 – Published: 2020-12-11 17:17 – Updated: 2024-08-04 15:56
VLAI?
Summary
Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.
Severity ?
CWE
- Missing release of memory after effective lifetime in Wireshark
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| The Wireshark Foundation | Wireshark |
Affected:
3.4.0
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:56:04.280Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-19.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17032"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Wireshark",
"vendor": "The Wireshark Foundation",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Missing release of memory after effective lifetime in Wireshark",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-14T17:20:19.000Z",
"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"shortName": "GitLab"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.wireshark.org/security/wnpa-sec-2020-19.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17032"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json"
},
{
"name": "GLSA-202101-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "FEDORA-2021-f3011da665",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@gitlab.com",
"ID": "CVE-2020-26419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Wireshark",
"version": {
"version_data": [
{
"version_value": "3.4.0"
}
]
}
}
]
},
"vendor_name": "The Wireshark Foundation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing release of memory after effective lifetime in Wireshark"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wireshark.org/security/wnpa-sec-2020-19.html",
"refsource": "MISC",
"url": "https://www.wireshark.org/security/wnpa-sec-2020-19.html"
},
{
"name": "https://gitlab.com/wireshark/wireshark/-/issues/17032",
"refsource": "MISC",
"url": "https://gitlab.com/wireshark/wireshark/-/issues/17032"
},
{
"name": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26419.json"
},
{
"name": "GLSA-202101-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-12"
},
{
"name": "FEDORA-2021-f3011da665",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/"
},
{
"name": "FEDORA-2021-138674557c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a",
"assignerShortName": "GitLab",
"cveId": "CVE-2020-26419",
"datePublished": "2020-12-11T17:17:07.000Z",
"dateReserved": "2020-10-01T00:00:00.000Z",
"dateUpdated": "2024-08-04T15:56:04.280Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}