CVE-2021-39921
HIGHWireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via Modbus Dissector NULL Pointer Dereference
Title source: llmDescription
NULL pointer exception in the Modbus dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
References (8)
Core 8
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5019
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-04
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39921.json
Exploit, Issue Tracking, Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/issues/17703
Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2021-14.html
Scores
CVSS v3
7.5
EPSS
0.0134
EPSS Percentile
80.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (4)
debian/debian_linux
9.0
fedoraproject/fedora
34
fedoraproject/fedora
35
wireshark/wireshark
3.2.0 - 3.2.17
Published
Nov 19, 2021
Tracked Since
Feb 18, 2026