CVE-2021-22222 : Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial o

Infinite loop in DVB-S2-BB dissector in Wireshark 3.4.0 to 3.4.5 allows denial of service via packet injection or crafted capture file

Published 2021-06-07 13:15:08

Updated 2022-04-01 19:10:11

Source GitLab Inc.

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2021-22222

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 11.0
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Matching versions
Oracle » Enterprise Manager Ops Center » Version: 12.4.0.0
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Instantis Enterprisetrack » Version: 17.1
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
Matching versions
Oracle » Instantis Enterprisetrack » Version: 17.2
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
Matching versions
Oracle » Instantis Enterprisetrack » Version: 17.3
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Matching versions
Oracle » Zfs Storage Appliance Kit » Version: 8.8
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Matching versions
Wireshark » Wireshark
Versions from including (>=) 3.4.0 and up to, including, (<=) 3.4.5
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.40%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 58 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	GitLab Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Assigned by: nvd@nist.gov (Primary)

https://www.wireshark.org/security/wnpa-sec-2021-05.html

Wireshark · wnpa-sec-2021-05 · DVB-S2-BB dissector infinite loop
Vendor Advisory

CVEs referencing this url
https://gitlab.com/wireshark/wireshark/-/merge_requests/3130

DVB-S2-BB: Prevent infinite loop (!3130) · Merge requests · Wireshark Foundation / wireshark · GitLab
Patch;Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22222.json

2021/CVE-2021-22222.json · master · GitLab.org / cves · GitLab
Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Oracle Critical Patch Update Advisory - October 2021
Patch;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202107-21

Wireshark: Multiple vulnerabilities (GLSA 202107-21) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2021/dsa-5019

Debian -- Security Information -- DSA-5019-1 wireshark
Third Party Advisory

CVEs referencing this url

Jump to