First published: Fri Apr 23 2021(Updated: )
Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/wireshark | 2.6.20-0+deb10u4 2.6.20-0+deb10u7 3.4.10-0+deb11u1 4.0.6-1~deb12u1 4.0.10-1 | |
Wireshark Wireshark | >=3.2.0<=3.2.12 | |
Wireshark Wireshark | >=3.4.0<=3.4.4 | |
Fedoraproject Fedora | =33 | |
Fedoraproject Fedora | =34 | |
Oracle ZFS Storage Appliance Kit | =8.8 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-22207 is a vulnerability in Wireshark that allows denial of service through excessive memory consumption.
Wireshark versions 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 are affected by CVE-2021-22207.
CVE-2021-22207 has a severity rating of 6.5 (medium).
CVE-2021-22207 can be exploited through packet injection or a crafted capture file.
Yes, upgrading to Wireshark version 4.0.10 or applying the recommended patches for affected versions resolves CVE-2021-22207.