7.5

CVE-2021-39924

Exploit

Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file

Data is provided by the National Vulnerability Database (NVD)
WiresharkWireshark Version >= 3.2.0 <= 3.2.17
WiresharkWireshark Version >= 3.4.0 <= 3.4.9
FedoraprojectFedora Version34
FedoraprojectFedora Version35
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.19% 0.408
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
cve@gitlab.com 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-834 Excessive Iteration

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

https://gitlab.com/wireshark/wireshark/-/issues/17677
Patch
Third Party Advisory
Exploit
Issue Tracking