CVE-2021-22191

🗓️ 15 Mar 2021 17:48:04Reported by GitLabType

cve🔗 web.nvd.nist.gov📰️ 5 Media mentions👁 291 Views

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution

Reporter	Title	Published	Views	Family All 61
ALT Linux	Security fix for the ALT Linux 9 package wireshark version 3.4.4-alt1	12 Apr 202100:00	–	altlinux
ALT Linux	Security fix for the ALT Linux 10 package wireshark version 3.4.4-alt1	17 Mar 202100:00	–	altlinux
AlpineLinux	CVE-2021-22191	15 Mar 202117:48	–	alpinelinux
ArchLinux	[ASA-202103-2] wireshark-qt: arbitrary code execution	13 Mar 202100:00	–	archlinux
AstraLinux	Astra Linux - уязвимость в wireshark	3 May 202623:59	–	astralinux
CNNVD	Wireshark 注入漏洞	11 Mar 202100:00	–	cnnvd
CNVD	Wireshark Memory Corruption Vulnerability	12 Mar 202100:00	–	cnvd
Cvelist	CVE-2021-22191	15 Mar 202117:48	–	cvelist
Debian	[SECURITY] [DLA 2967-1] wireshark security update	31 Mar 202221:42	–	debian
Debian CVE	CVE-2021-22191	15 Mar 202117:48	–	debiancve

NVD

Vulners

Node

wireshark wiresharkRange3.2.0–3.2.11

wireshark wiresharkRange3.4.0–3.4.3

Node

oracle zfs_storage_applianceMatch8.8

Node

debian debian_linuxMatch9.0

[
  {
    "product": "Wireshark",
    "vendor": "The Wireshark Foundation",
    "versions": [
      {
        "status": "affected",
        "version": ">=3.4.0, <3.4.4"
      },
      {
        "status": "affected",
        "version": ">=3.2.0, <3.2.12"
      }
    ]
  }
]

Source	Link
security	www.security.gentoo.org/glsa/202107-21
lists	www.lists.debian.org/debian-lts-announce/2022/03/msg00041.html
oracle	www.oracle.com/security-alerts/cpuApr2021.html
wireshark	www.wireshark.org/security/wnpa-sec-2021-03.html
gitlab	www.gitlab.com/wireshark/wireshark/-/issues/17232
gitlab	www.gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json

21 Nov 2024 05:49Current

8.9High risk

Vulners AI Score8.9

CVSS 26.8

CVSS 3.16.3 - 8.8

EPSS0.00272

CWE-74