CVE-2021-39929
Summary
| CVE | CVE-2021-39929 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-19 17:15:00 UTC |
| Updated | 2023-11-07 03:37:00 UTC |
| Description | Uncontrolled Recursion in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file |
Risk And Classification
Problem Types: CWE-674
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Debian | Debian Linux | 10.0 | All | All | All |
| Operating System | Debian | Debian Linux | 11.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Operating System | Fedoraproject | Fedora | 34 | All | All | All |
| Operating System | Fedoraproject | Fedora | 35 | All | All | All |
| Application | Wireshark | Wireshark | All | All | All | All |
| Application | Wireshark | Wireshark | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| [SECURITY] Fedora 34 Update: wireshark-3.6.0-1.fc34 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| 2021/CVE-2021-39929.json · master · GitLab.org / cves · GitLab | CONFIRM | gitlab.com | |
| Debian -- Security Information -- DSA-5019-1 wireshark | DEBIAN | www.debian.org | |
| [SECURITY] Fedora 34 Update: wireshark-3.6.0-1.fc34 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| OSS-Fuzz 39756: wireshark:fuzzshark_ip_proto-udp: Stack-overflow in dissect_bencoded_list (#17651) · Issues · Wireshark Foundation / wireshark · GitLab | MISC | gitlab.com | |
| Wireshark: Multiple Vulnerabilities (GLSA 202210-04) — Gentoo security | GENTOO | security.gentoo.org | |
| Wireshark · wnpa-sec-2021-07 · Bluetooth DHT dissector crash | MISC | www.wireshark.org | |
| [SECURITY] [DLA 2849-1] wireshark security update | MLIST | lists.debian.org | |
| [SECURITY] Fedora 35 Update: wireshark-3.6.0-1.fc35 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [SECURITY] Fedora 35 Update: wireshark-3.6.0-1.fc35 - package-announce - Fedora Mailing-Lists | lists.fedoraproject.org | ||
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: The OSS-Fuzz project
Legacy QID Mappings
- 178933 Debian Security Update for wireshark (DSA 5019-1)
- 178957 Debian Security Update for wireshark (DLA 2849-1)
- 180367 Debian Security Update for wireshark (CVE-2021-39929)
- 282092 Fedora Security Update for wireshark (FEDORA-2021-97bd631e0a)
- 282134 Fedora Security Update for wireshark (FEDORA-2021-3747cf6107)
- 354338 Amazon Linux Security Advisory for wireshark : ALAS2022-2022-079
- 354457 Amazon Linux Security Advisory for wireshark : ALAS2022-2022-226
- 354540 Amazon Linux Security Advisory for wireshark : ALAS-2022-226
- 355161 Amazon Linux Security Advisory for wireshark : ALAS2023-2023-038
- 376112 Wireshark Bluetooth DHT Dissector Crash Vulnerability (wnpa-sec-2021-07)
- 502201 Alpine Linux Security Update for wireshark
- 502401 Alpine Linux Security Update for wireshark
- 710636 Gentoo Linux Wireshark Multiple Vulnerabilities (GLSA 202210-04)
- 751469 OpenSUSE Security Update for wireshark (openSUSE-SU-2021:3938-1)
- 751516 OpenSUSE Security Update for wireshark (openSUSE-SU-2021:1566-1)
- 900889 Common Base Linux Mariner (CBL-Mariner) Security Update for wireshark (7416)
- 902257 Common Base Linux Mariner (CBL-Mariner) Security Update for wireshark (7416-1)