CVE-2021-22174
First published: Wed Feb 17 2021(Updated: )
Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark Wireshark | >=3.4.0<3.4.3 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| Oracle ZFS Storage Appliance | =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json
- https://gitlab.com/wireshark/wireshark/-/issues/17165
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/
- https://security.gentoo.org/glsa/202107-21
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://www.wireshark.org/security/wnpa-sec-2021-02.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/
Frequently Asked Questions
What is CVE-2021-22174?
CVE-2021-22174 is a vulnerability in Wireshark versions 3.4.0 to 3.4.2 that allows denial of service through packet injection or crafted capture file.
How can this vulnerability be exploited?
This vulnerability can be exploited by injecting malicious packets or using a specially crafted capture file to crash the USB HID dissector in Wireshark.
What is the severity of CVE-2021-22174?
The severity of CVE-2021-22174 is high, with a CVSS score of 7.5.
Which software versions are affected by CVE-2021-22174?
Wireshark versions 3.4.0 to 3.4.2 are affected by CVE-2021-22174.
How can I fix CVE-2021-22174?
Upgrade to Wireshark version 3.4.3 or later to fix CVE-2021-22174.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- agent/remedy
- collector/mitre-cve
- source/MITRE
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/3.4.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/oracle
- canonical/oracle zfs storage appliance
- version/oracle zfs storage appliance/8.8