Bug 1952964 (CVE-2021-22207)
| Summary: | CVE-2021-22207 wireshark: MS-WSP dissector excessive memory consumption | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Guilherme de Almeida Suckevicz <gsuckevi> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | alekcejk, denis, huzaifas, lemenkov, mruprich, msehnout, peter, rvokal, sergey.avseyev |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | wireshark 3.4.5, wireshark 3.2.13 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in wireshark. A memory leak in the MS-WSP dissector allows an attacker to crash an application which uses wireshark due to excessive memory allocation. The attacker can trigger the flaw by injecting special packets onto the wire or by convincing a victim user into opening a malformed packet trace file. The highest threat from this vulnerability is to application availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-06-29 21:00:56 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1952965, 1955528, 1955529 | ||
| Bug Blocks: | 1952966 | ||
|
Description
Guilherme de Almeida Suckevicz
2021-04-23 16:27:50 UTC
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1952965] Upstream patch: https://gitlab.com/wireshark/wireshark/-/commit/b7a0650e061b5418ab4a8f72c6e4b00317aff623 External References: https://www.wireshark.org/security/wnpa-sec-2021-04 |