6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.014 Low
EPSS
Percentile
86.5%
Severity: Medium
Date : 2021-03-13
CVE-ID : CVE-2021-22191
Package : wireshark-qt
Type : arbitrary code execution
Remote : Yes
Link : https://security.archlinux.org/AVG-1669
The package wireshark-qt before version 3.4.4-1 is vulnerable to
arbitrary code execution.
Upgrade to 3.4.4-1.
The problem has been fixed upstream in version 3.4.4.
None.
A security issue has been found in Wireshark before version 3.4.4. Some
fields in the Wireshark proto_tree are double-clickable and pass URLs
with arbitrary schemes to the QDesktopServices::openUrl function. http
and https URLs passed to this function are opened by the browser which
is generally safe. For some other schemes like dav and file however,
referenced files will be opened by the system’s standard application
associated with their file type. By preparing internet-hosted file
shares and executable files, arbitrary code execution can be achieved
via malicious pcap(ng) files or captured live-traffic and some user
interaction.
A remote attacker might be able to execute arbitrary code via a crafted
network packet, or a crafted packet trace file.
https://www.wireshark.org/security/wnpa-sec-2021-03.html
https://gitlab.com/wireshark/wireshark/-/issues/17232
https://gitlab.com/wireshark/wireshark/-/merge_requests/2074
https://gitlab.com/wireshark/wireshark/-/commit/b2c58d020c100958beb59d9e62471efab5c3cc2d
https://security.archlinux.org/CVE-2021-22191
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | wireshark-qt | < 3.4.4-1 | UNKNOWN |
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.014 Low
EPSS
Percentile
86.5%