CVE-2021-22207

MEDIUM

Wireshark 3.2.0-3.2.12 and 3.4.0-3.4.4 - Denial of Service via MS-WSP Dissector Memory Consumption

Title source: llm

Description

Excessive memory consumption in MS-WSP dissector in Wireshark 3.4.0 to 3.4.4 and 3.2.0 to 3.2.12 allows denial of service via packet injection or crafted capture file

References (9)

Core 9

Core References

Vendor Advisory x_refsource_misc

https://www.wireshark.org/security/wnpa-sec-2021-04.html

Exploit, Third Party Advisory x_refsource_misc

https://gitlab.com/wireshark/wireshark/-/issues/17331

Third Party Advisory x_refsource_confirm

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22207.json

View Writeup ZIP pw:eip

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NL7ZTMMWIEPHHFK3ONRKATWE7CLIGLFD/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIWWO27HV4HUKXV6NH6ULHCRAQB26DMD/

Third Party Advisory vendor-advisory x_refsource_gentoo

https://security.gentoo.org/glsa/202107-21

Patch, Third Party Advisory x_refsource_misc

https://www.oracle.com/security-alerts/cpuoct2021.html

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-5019

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html

Scores

CVSS v3 5.5

EPSS 0.0047

EPSS Percentile 64.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-770

Status published

Products (7)

debian/debian_linux 9.0

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 33

fedoraproject/fedora 34

oracle/zfs_storage_appliance_kit 8.8

wireshark/wireshark 3.2.0 - 3.2.12

Published Apr 23, 2021

Tracked Since Feb 18, 2026