Vulnerability Details : CVE-2021-39925
Potential exploit
Buffer overflow in the Bluetooth SDP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
Vulnerability category: OverflowDenial of service
Products affected by CVE-2021-39925
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-39925
0.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 64 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-39925
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
10.0
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
GitLab Inc. | |
|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2021-39925
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-39925
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YEWTIRMC2MFQBZ2O5M4CJHJM4JPBHLXH/
[SECURITY] Fedora 34 Update: wireshark-3.6.0-1.fc34 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6AJFIYIHS3TYDD2EBYBJ5KKE52X34BJ/
[SECURITY] Fedora 35 Update: wireshark-3.6.0-1.fc35 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://www.wireshark.org/security/wnpa-sec-2021-09.html
Wireshark · wnpa-sec-2021-09 · Bluetooth SDP dissector crashVendor Advisory
-
https://gitlab.com/wireshark/wireshark/-/issues/17635
Heap-buffer-overflow in reassemble_continuation_state at packet-btsdp.c (#17635) · Issues · Wireshark Foundation / wireshark · GitLabExploit;Issue Tracking;Patch;Third Party Advisory
-
https://security.gentoo.org/glsa/202210-04
Wireshark: Multiple Vulnerabilities (GLSA 202210-04) — Gentoo securityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/12/msg00015.html
[SECURITY] [DLA 2849-1] wireshark security updateMailing List;Third Party Advisory
-
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39925.json
2021/CVE-2021-39925.json · master · GitLab.org / cves · GitLabThird Party Advisory
-
https://www.debian.org/security/2021/dsa-5019
Debian -- Security Information -- DSA-5019-1 wiresharkThird Party Advisory
Jump to