Description
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or a crafted capture file.
References (8)
Core References
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/
Mailing List, Third Party Advisory vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/
Third Party Advisory vendor-advisory
https://www.debian.org/security/2021/dsa-5019
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202210-04
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39925.json
Exploit, Issue Tracking, Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/issues/17635
Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2021-09.html
Scores
CVSS v3: 7.5
EPSS: 0.0462
EPSS Percentile: 89.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE: CWE-120
Status: published
Products (4)
debian/debian_linux: 9.0
fedoraproject/fedora: 34
fedoraproject/fedora: 35
wireshark/wireshark: 3.2.0 - 3.2.17
Published: Nov 19, 2021
Tracked Since: Feb 18, 2026