Rewterz Threat Advisory – Multiple Apache HTTP Vulnerabilities

December 30, 2021

Rewterz Threat Advisory – CVE-2021-38876 – IBM I Vulnerability

December 31, 2021

Rewterz Threat Advisory – Multiple Wireshark Vulnerabilities

December 31, 2021

Severity

Medium

Analysis Summary

CVE-2021-4181

Wireshark is vulnerable to a denial of service, caused by a flaw in the Sysdig Event dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-4182

Wireshark is vulnerable to a denial of service, caused by a flaw in the RFC 7468 file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4183

Wireshark is vulnerable to a denial of service, caused by a flaw in the pcapng file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-4184

Wireshark is vulnerable to a denial of service, caused by a flaw in the BitTorrent DHT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4185

Wireshark is vulnerable to a denial of service, caused by a flaw in the RTMPT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4186

Wireshark is vulnerable to a denial of service, caused by a flaw in the Gryphon dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

Impact

Denial of Service

Affected Vendors

Wireshark

Affected Products

Wireshark Wireshark 3.4.0
Wireshark Wireshark 3.4.9
Wireshark Wireshark 3.4.10
Wireshark Wireshark 3.6.0

Remediation

Refer to Wireshark advisory for patch, upgrade or suggested workaround information.

CVE-2021-4181

https://www.wireshark.org/security/wnpa-sec-2021-21.html

CVE-2021-4182

https://www.wireshark.org/security/wnpa-sec-2021-20.html

CVE-2021-4183

https://www.wireshark.org/security/wnpa-sec-2021-19.html

CVE-2021-4184

https://www.wireshark.org/security/wnpa-sec-2021-18.html

CVE-2021-4185

https://www.wireshark.org/security/wnpa-sec-2021-17.html

CVE-2021-4186

https://www.wireshark.org/security/wnpa-sec-2021-16.html

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Critical PHP RCE Vulnerability Under Mass Exploitation in New Attacks

Multiple Adobe Products Vulnerabilities

Apple WebKit Zero-Day Actively Exploited in High-Profile Cyber Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us