

Severity
Medium
Analysis Summary
CVE-2021-4181
Wireshark is vulnerable to a denial of service, caused by a flaw in the Sysdig Event dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2021-4182
Wireshark is vulnerable to a denial of service, caused by a flaw in the RFC 7468 file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop.
CVE-2021-4183
Wireshark is vulnerable to a denial of service, caused by a flaw in the pcapng file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
CVE-2021-4184
Wireshark is vulnerable to a denial of service, caused by a flaw in the BitTorrent DHT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop.
CVE-2021-4185
Wireshark is vulnerable to a denial of service, caused by a flaw in the RTMPT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter an infinite loop.
CVE-2021-4186
Wireshark is vulnerable to a denial of service, caused by a flaw in the Gryphon dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.
Impact
- Denial of Service
Affected Vendors
Wireshark
Affected Products
- Wireshark Wireshark 3.4.0
- Wireshark Wireshark 3.4.9
- Wireshark Wireshark 3.4.10
- Wireshark Wireshark 3.6.0
Remediation
Refer to the Wireshark advisory for patch, upgrade, or suggested workaround information.
CVE-2021-4181
CVE-2021-4182
CVE-2021-4183
CVE-2021-4184
CVE-2021-4185
CVE-2021-4186