CVE-2021-39924

HIGH

Wireshark < 3.2.17 - Denial of Service

Title source: rule

Description

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

References (8)

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/

[Third Party Advisory] https://www.debian.org/security/2021/dsa-5019

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html

[Third Party Advisory] https://security.gentoo.org/glsa/202210-04

[Third Party Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39924.json

View Writeup ZIP pw:eip

[Exploit, Issue Tracking, Patch, Third Party Advisory] https://gitlab.com/wireshark/wireshark/-/issues/17677

[Vendor Advisory] https://www.wireshark.org/security/wnpa-sec-2021-10.html

Scores

CVSS v3 7.5

EPSS 0.0134

EPSS Percentile 80.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-834

Status published

Products (4)

debian/debian_linux 9.0

fedoraproject/fedora 34

fedoraproject/fedora 35

wireshark/wireshark 3.2.0 - 3.2.17

Published Nov 19, 2021

Tracked Since Feb 18, 2026