Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12354
HistoryNov 17, 2021 - 12:00 a.m.

KLA12354 Multiple vulnerabilities in Wireshark

2021-11-1700:00:00
Kaspersky Lab
threats.kaspersky.com
78

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON

Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

  1. Denial of service vulnerability in IEEE 802.11 dissector can be exploited via special crafted packet to cause denial of service.
  2. Denial of service vulnerability in Bluetooth DHT dissector can be exploited via special crafted packet to cause denial of service.
  3. Denial of service vulnerability in Modbuss dissector can be exploited via special crafted packet to cause denial of service.
  4. Denial of service vulnerability in C12.22 dissector can be exploited via special crafted packet to cause denial of service.
  5. Denial of service vulnerability in Bluetooth SDP dissector can be exploited via special crafted packet to cause denial of service.
  6. Denial of service vulnerability in PNRP dissector can be exploited via special crafted packet to cause denial of service.

Original advisories

Bluetooth DHT dissector large loop

Bluetooth DHT dissector crash

Bluetooth SDP dissector crash

IEEE 802.11 dissector crash

C12.22 dissector crash

Modbus dissector crash

PNRP dissector large loop

Related products

Wireshark

CVE list

CVE-2021-39928 critical

CVE-2021-39924 critical

CVE-2021-39921 critical

CVE-2021-39922 critical

CVE-2021-39929 critical

CVE-2021-39925 critical

CVE-2021-39923 critical

Solution

Update to the latest version

Download Wireshark

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

Affected Products

  • Wireshark 3.4.x earlier than 3.4.10Wireshark 3.2.x earlier than 3.2.18

Related

nessus 15
altlinux 2
openvas 8
osv 9
photon 5
debian 2
fedora 2
suse 2
mageia 1
gentoo 1
alpinelinux 7
cvelist 7
redhatcve 7
ubuntucve 7
cve 7
nvd 7
cnvd 7
veracode 7
cbl_mariner 7
prion 7
debiancve 7
nessus
nessus
Wireshark 3.2.x < 3.2.18 Multiple Vulnerabilities (macOS)
2021-11-18 00:00:00
Wireshark 3.2.x < 3.2.18 Multiple Vulnerabilities
2021-11-18 00:00:00
Wireshark 3.4.x < 3.4.10 Multiple Vulnerabilities (macOS)
2021-11-18 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package wireshark version 3.4.10-alt1
2021-11-24 00:00:00
Security fix for the ALT Linux 10 package wireshark version 3.4.10-alt1
2021-11-24 00:00:00
openvas
openvas
Fedora: Security Advisory for wireshark (FEDORA-2021-3747cf6107)
2021-12-04 00:00:00
Debian: Security Advisory (DLA-2849-1)
2021-12-27 00:00:00
Fedora: Security Advisory for wireshark (FEDORA-2021-97bd631e0a)
2021-12-04 00:00:00
osv
osv
wireshark - security update
2021-12-26 00:00:00
wireshark - security update
2021-12-10 00:00:00
CVE-2021-39921
2021-11-19 17:15:08
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2022-3.0-0341
2021-12-11 00:00:00
Important Photon OS Security Update - PHSA-2022-0341
2022-01-11 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0341
2021-12-11 00:00:00
debian
debian
[SECURITY] [DLA 2849-1] wireshark security update
2021-12-26 19:28:32
[SECURITY] [DSA 5019-1] wireshark security update
2021-12-10 19:54:07
fedora
fedora
[SECURITY] Fedora 35 Update: wireshark-3.6.0-1.fc35
2021-12-03 01:16:50
[SECURITY] Fedora 34 Update: wireshark-3.6.0-1.fc34
2021-12-03 01:34:18
suse
suse
Security update for wireshark (moderate)
2021-12-10 00:00:00
Security update for wireshark (moderate)
2021-12-06 00:00:00
mageia
mageia
Updated wireshark packages fix security vulnerability
2021-11-20 22:31:06
gentoo
gentoo
Wireshark: Multiple Vulnerabilities
2022-10-16 00:00:00
alpinelinux
alpinelinux
CVE-2021-39925
2021-11-19 17:15:08
CVE-2021-39922
2021-11-19 17:15:08
CVE-2021-39923
2021-11-19 17:15:00
cvelist
cvelist
CVE-2021-39923
2021-11-19 16:31:03
CVE-2021-39925
2021-11-19 00:00:00
CVE-2021-39924
2021-11-19 00:00:00
redhatcve
redhatcve
CVE-2021-39924
2021-11-22 18:19:37
CVE-2021-39922
2021-11-22 18:19:19
CVE-2021-39925
2021-11-22 18:19:49
ubuntucve
ubuntucve
CVE-2021-39924
2021-11-19 00:00:00
CVE-2021-39921
2021-11-19 00:00:00
CVE-2021-39923
2021-11-19 00:00:00
cve
cve
CVE-2021-39921
2021-11-19 17:15:08
CVE-2021-39923
2021-11-19 17:15:08
CVE-2021-39925
2021-11-19 17:15:08
nvd
nvd
CVE-2021-39922
2021-11-19 17:15:08
CVE-2021-39925
2021-11-19 17:15:08
CVE-2021-39924
2021-11-19 17:15:08
cnvd
cnvd
Wireshark Input Validation Error Vulnerability (CNVD-2022-11205)
2021-11-22 00:00:00
Wireshark null pointer dereference vulnerability (CNVD-2021-90092)
2021-11-22 00:00:00
Wireshark null pointer dereference vulnerability (CNVD-2021-94900)
2021-11-19 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-12-14 10:07:59
Denial Of Service (DoS)
2021-12-14 10:07:58
Denial Of Service (DoS)
2021-12-14 10:07:41
cbl_mariner
cbl_mariner
CVE-2021-39924 affecting package wireshark for versions less than 3.4.14-1
2022-06-25 20:53:09
CVE-2021-39928 affecting package wireshark for versions less than 3.4.14-1
2022-06-25 20:53:09
CVE-2021-39922 affecting package wireshark for versions less than 3.4.14-1
2022-06-25 20:53:09
prion
prion
Buffer overflow
2021-11-19 17:15:00
Design/Logic Flaw
2021-11-19 17:15:00
Design/Logic Flaw
2021-11-19 17:15:00
debiancve
debiancve
CVE-2021-39925
2021-11-19 17:15:08
CVE-2021-39923
2021-11-19 17:15:08
CVE-2021-39922
2021-11-19 17:15:08

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8 High

AI Score

Confidence

High

0.02 Low

EPSS

Percentile

89.0%

JSON
Related for KLA12354
nessus15altlinux2openvas8osv9photon5debian2fedora2suse2mageia1gentoo1alpinelinux7cvelist7redhatcve7ubuntucve7cve7nvd7cnvd7veracode7cbl_mariner7prion7debiancve7