Request a Demo
Rewterz
Rewterz Threat Advisory – Multiple Apache HTTP Vulnerabilities
December 30, 2021
Rewterz
Rewterz Threat Advisory – CVE-2021-38876 – IBM I Vulnerability
December 31, 2021

Rewterz Threat Advisory – Multiple Wireshark Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-4181 

Wireshark is vulnerable to a denial of service, caused by a flaw in the Sysdig Event dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-4182 

Wireshark is vulnerable to a denial of service, caused by a flaw in the RFC 7468 file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4183

Wireshark is vulnerable to a denial of service, caused by a flaw in the pcapng file parser. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

CVE-2021-4184 

Wireshark is vulnerable to a denial of service, caused by a flaw in the BitTorrent DHT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4185 

Wireshark is vulnerable to a denial of service, caused by a flaw in the RTMPT dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to enter into an infinite loop.

CVE-2021-4186 

Wireshark is vulnerable to a denial of service, caused by a flaw in the Gryphon dissector. By injecting a malformed packet onto the wire or persuading a victim to read a malformed packet trace file, a remote attacker could exploit this vulnerability to cause the application to crash.

Impact

  • Denial of Service

Affected Vendors

Wireshark

Affected Products

  • Wireshark Wireshark 3.4.0
  • Wireshark Wireshark 3.4.9
  • Wireshark Wireshark 3.4.10
  • Wireshark Wireshark 3.6.0

Remediation

Refer to Wireshark advisory for patch, upgrade or suggested workaround information.

CVE-2021-4181

https://www.wireshark.org/security/wnpa-sec-2021-21.html

CVE-2021-4182

https://www.wireshark.org/security/wnpa-sec-2021-20.html

CVE-2021-4183

https://www.wireshark.org/security/wnpa-sec-2021-19.html

CVE-2021-4184

https://www.wireshark.org/security/wnpa-sec-2021-18.html

CVE-2021-4185

https://www.wireshark.org/security/wnpa-sec-2021-17.html

CVE-2021-4186

https://www.wireshark.org/security/wnpa-sec-2021-16.html