CVE-2021-4184
First published: Thu Dec 30 2021(Updated: )
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Credit: cve@gitlab.com cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark Wireshark | >=3.4.0<=3.4.10 | |
| Wireshark Wireshark | =3.6.0 | |
| Fedoraproject Fedora | =34 | |
| Fedoraproject Fedora | =35 | |
| Debian Debian Linux | =9.0 | |
| Oracle HTTP Server | =12.2.1.3.0 | |
| Oracle HTTP Server | =12.2.1.4.0 | |
| Oracle ZFS Storage Appliance Kit | =8.8 | |
| >=3.4.0<=3.4.10 | ||
| =3.6.0 | ||
| =34 | ||
| =35 | ||
| =9.0 | ||
| =12.2.1.3.0 | ||
| =12.2.1.4.0 | ||
| =8.8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-4184.json
- https://gitlab.com/wireshark/wireshark/-/issues/17754
- https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/
- https://security.gentoo.org/glsa/202210-04
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.wireshark.org/security/wnpa-sec-2021-18.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R5AEK3XTOIOGCGUILUFISMGX54YJXWGJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6XGBKWSQFCVYUN4ZK3O3NJIFP3OAFVT/
Frequently Asked Questions
What is CVE-2021-4184?
CVE-2021-4184 is an infinite loop vulnerability in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 that allows denial of service through packet injection or crafted capture file.
How does CVE-2021-4184 impact Wireshark?
CVE-2021-4184 allows an attacker to cause a denial of service in Wireshark by injecting malicious packets or providing a crafted capture file that triggers an infinite loop in the BitTorrent DHT dissector.
What is the severity of CVE-2021-4184?
CVE-2021-4184 has a severity rating of high, with a CVSS score of 7.5.
Which software versions are affected by CVE-2021-4184?
Wireshark versions 3.6.0 and 3.4.0 to 3.4.10 are affected by CVE-2021-4184.
How can I fix the CVE-2021-4184 vulnerability?
To fix the CVE-2021-4184 vulnerability, it is recommended to update to a patched version of Wireshark (3.4.11 or later for 3.4.x branch, or 3.6.1 or later for 3.6.x branch).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/3.4.0
- version/wireshark wireshark/3.4.10
- version/wireshark wireshark/3.6.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/34
- version/fedoraproject fedora/35
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/oracle
- canonical/oracle http server
- version/oracle http server/12.2.1.3.0
- version/oracle http server/12.2.1.4.0
- canonical/oracle zfs storage appliance kit
- version/oracle zfs storage appliance kit/8.8