Rewterz Threat Advisory – Multiple Apache HTTP Vulnerabilities

December 30, 2021

Rewterz Threat Advisory – CVE-2021-38876 – IBM I Vulnerability

December 31, 2021

Rewterz Threat Advisory – Multiple Wireshark Vulnerabilities

December 31, 2021

Severity

Medium

Analysis Summary

CVE-2021-4181

Wireshark is vulnerable to a denial of service, caused by a flaw in the Sysdig Event dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-4182

Wireshark is vulnerable to a denial of service, caused by a flaw in the RFC 7468 file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4183

Wireshark is vulnerable to a denial of service, caused by a flaw in the pcapng file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-4184

Wireshark is vulnerable to a denial of service, caused by a flaw in the BitTorrent DHT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4185

Wireshark is vulnerable to a denial of service, caused by a flaw in the RTMPT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4186

Wireshark is vulnerable to a denial of service, caused by a flaw in the Gryphon dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

Impact

Denial of Service

Affected Vendors

Wireshark

Affected Products

Wireshark Wireshark 3.4.0
Wireshark Wireshark 3.4.9
Wireshark Wireshark 3.4.10
Wireshark Wireshark 3.6.0

Remediation

Refer to Wireshark advisory for patch, upgrade or suggested workaround information.

CVE-2021-4181

https://www.wireshark.org/security/wnpa-sec-2021-21.html

CVE-2021-4182

https://www.wireshark.org/security/wnpa-sec-2021-20.html

CVE-2021-4183

https://www.wireshark.org/security/wnpa-sec-2021-19.html

CVE-2021-4184

https://www.wireshark.org/security/wnpa-sec-2021-18.html

CVE-2021-4185

https://www.wireshark.org/security/wnpa-sec-2021-17.html

CVE-2021-4186

https://www.wireshark.org/security/wnpa-sec-2021-16.html

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Python RAT Uses Discord Interface to Execute Remote Attacks

Critical Alert: Jordanian Banks Under Siege by Everest Ransomware Group

The SocGholish-RansomHub Connection – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – Multiple Apache HTTP Vulnerabilities

Rewterz Threat Advisory – CVE-2021-38876 – IBM I Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.