CVE-2021-22173

LOW

Wireshark < 3.4.3 - Memory Leak

Title source: rule

Description

Memory leak in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

References (7)

[Third Party Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22173.json

View Writeup ZIP pw:eip

[Exploit, Third Party Advisory] https://gitlab.com/wireshark/wireshark/-/issues/17124

[Third Party Advisory] https://security.gentoo.org/glsa/202107-21

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

[Vendor Advisory] https://www.wireshark.org/security/wnpa-sec-2021-01.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/

Scores

CVSS v3 3.7

EPSS 0.0050

EPSS Percentile 65.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-401

Status published

Affected Products (4)

wireshark/wireshark < 3.4.3

fedoraproject/fedora

fedoraproject/fedora

oracle/zfs_storage_appliance

Timeline

Published Feb 17, 2021

Tracked Since Feb 18, 2026