Bug 767907 (CVE-2021-22173, CVE-2021-22174, WNPA-SEC-2021-01, WNPA-SEC-2021-02) - <net-analyzer/wireshark-3.4.3: Multiple vulnerabilities (CVE-2021-{22173,22174})
Summary: <net-analyzer/wireshark-3.4.3: Multiple vulnerabilities (CVE-2021-{22173,22174})
Status: RESOLVED FIXED
Alias: CVE-2021-22173, CVE-2021-22174, WNPA-SEC-2021-01, WNPA-SEC-2021-02
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-01-30 00:38 UTC by Sam James
Modified: 2021-07-09 02:56 UTC

See Also:
Package list:
net-analyzer/wireshark-3.4.3
Runtime testing required: ---
nattka: sanity-check-


Description Sam James archtester gentoo-dev Security 2021-01-30 00:38:05 UTC
* CVE-2021-22173 (wnpa-sec-2021-01)

Description
The USB HID dissector could leak memory.

Impact
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

* CVE-2021-22174 (wnpa-sec-2021-01)

Description
The USB HID dissector could crash.

Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Comment 1 Sam James archtester gentoo-dev Security 2021-01-30 16:14:29 UTC
arm done
Comment 2 Sam James archtester gentoo-dev Security 2021-02-01 04:42:47 UTC
x86 done
Comment 3 Sam James archtester gentoo-dev Security 2021-02-01 04:43:44 UTC
amd64 done
Comment 4 Sam James archtester gentoo-dev Security 2021-02-13 01:31:21 UTC
ppc64 done
Comment 5 Sam James archtester gentoo-dev Security 2021-02-15 10:47:35 UTC
arm64 done

all arches done
Comment 7 NATTkA bot gentoo-dev 2021-03-25 23:25:00 UTC Comment hidden (obsolete)
Comment 8 NATTkA bot gentoo-dev 2021-06-02 20:08:28 UTC
Unable to check for sanity:

> no match for package: net-analyzer/wireshark-3.4.3
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-07-09 02:56:58 UTC
This issue was resolved and addressed in GLSA 202107-21 at https://security.gentoo.org/glsa/202107-21 by GLSA coordinator Sam James (sam_c).