CVE-2021-39923

HIGH

Wireshark 3.2.0-3.2.17 and 3.4.0-3.4.9 - Denial of Service via PNRP Dissector Large Loop

Title source: llm

Description

Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

References (5)

Core 5

Core References

Third Party Advisory x_refsource_confirm

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39923.json

View Writeup ZIP pw:eip

Vendor Advisory x_refsource_misc

https://www.wireshark.org/security/wnpa-sec-2021-11.html

Issue Tracking, Patch, Vendor Advisory x_refsource_misc

https://gitlab.com/wireshark/wireshark/-/issues/17684

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-5019

Mailing List, Third Party Advisory mailing-list x_refsource_mlist

https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html

Scores

CVSS v3 7.5

EPSS 0.0152

EPSS Percentile 71.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (4)

debian/debian_linux 10.0

debian/debian_linux 11.0

debian/debian_linux 9.0

wireshark/wireshark 3.2.0 - 3.2.17

Published Nov 19, 2021

Tracked Since Feb 18, 2026