Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 830343 (CVE-2021-4181, CVE-2021-4182, CVE-2021-4183, CVE-2021-4184, CVE-2021-4185, CVE-2021-4186, CVE-2021-4190) - <net-analyzer/wireshark-{3.4.11, 3.6.1}: multiple vulnerabilities (CVE-2021-{4181,4182,4183,4184,4185,4186,4190})
Summary: <net-analyzer/wireshark-{3.4.11, 3.6.1}: multiple vulnerabilities (CVE-2021-{...
Status: IN_PROGRESS
Alias: CVE-2021-4181, CVE-2021-4182, CVE-2021-4183, CVE-2021-4184, CVE-2021-4185, CVE-2021-4186, CVE-2021-4190
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa?]
Keywords:
Depends on: 830569
Blocks:
  Show dependency tree
 
Reported: 2021-12-31 08:59 UTC by filip ambroz
Modified: 2022-02-20 06:31 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description filip ambroz 2021-12-31 08:59:28 UTC
[CVE-2021-4181]
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4181
https://www.wireshark.org/security/wnpa-sec-2021-21.html

Fixed versions: 3.6.1, 3.4.11 


[CVE-2021-4182]
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4182
https://www.wireshark.org/security/wnpa-sec-2021-20.html

Fixed versions: 3.6.1, 3.4.11 or later.


[CVE-2021-4183]
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4183
https://www.wireshark.org/security/wnpa-sec-2021-19.html

Fixed versions: 3.6.1


[CVE-2021-4184]
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4184
https://www.wireshark.org/security/wnpa-sec-2021-18.html

Fixed versions: 3.6.1, 3.4.11


[CVE-2021-4185]
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4185
https://www.wireshark.org/security/wnpa-sec-2021-17.html

Fixed versions: 3.6.1, 3.4.11


[CVE-2021-4186]
Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4186
https://www.wireshark.org/security/wnpa-sec-2021-16.html

Fixed versions: 3.6.0, 3.4.11


[CVE-2021-4190]
Large loop in the Kafka dissector in Wireshark 3.6.0 allows denial of service via packet injection or crafted capture file.

URLs:
https://nvd.nist.gov/vuln/detail/CVE-2021-4190
https://www.wireshark.org/security/wnpa-sec-2021-22.html

Fixed versions: 3.6.1

Reproducible: Always
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-31 09:09:25 UTC
Thanks for filing!
Comment 2 Larry the Git Cow gentoo-dev 2022-01-04 04:53:51 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3caad1cbd744874cbfa34c4ae41f0ded2b75311e

commit 3caad1cbd744874cbfa34c4ae41f0ded2b75311e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-03 08:55:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-04 04:53:34 +0000

    net-analyzer/wireshark: add 3.4.11
    
    Bug: https://bugs.gentoo.org/830343
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                |   1 +
 net-analyzer/wireshark/wireshark-3.4.11.ebuild | 285 +++++++++++++++++++++++++
 2 files changed, 286 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1e9149320bdc41b6b90e801826955bb7b312047f

commit 1e9149320bdc41b6b90e801826955bb7b312047f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-01-03 08:50:31 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-01-04 04:53:31 +0000

    net-analyzer/wireshark: add 3.6.1
    
    Bug: https://bugs.gentoo.org/830343
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.6.1.ebuild | 273 ++++++++++++++++++++++++++
 2 files changed, 274 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2022-02-20 05:51:42 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c2f163b2438b412dffa637ae892000c2913d546f

commit c2f163b2438b412dffa637ae892000c2913d546f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 05:35:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 05:35:47 +0000

    net-analyzer/wireshark: drop 3.4.10, 3.4.11, 3.6.0-r1
    
    Bug: https://bugs.gentoo.org/830343
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                    |   3 -
 .../files/wireshark-3.6.0-fix-no-tshark.patch      |  32 ---
 net-analyzer/wireshark/wireshark-3.4.10.ebuild     | 283 --------------------
 net-analyzer/wireshark/wireshark-3.4.11.ebuild     | 285 ---------------------
 net-analyzer/wireshark/wireshark-3.6.0-r1.ebuild   | 272 --------------------
 5 files changed, 875 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2022-02-20 06:31:20 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d09a146dec49ea5187a2c46959fe5b8ce1388b8

commit 2d09a146dec49ea5187a2c46959fe5b8ce1388b8
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 06:30:52 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 06:30:52 +0000

    net-analyzer/wireshark: drop 3.4.10, 3.6.0-r1
    
    Bug: https://bugs.gentoo.org/830343
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                    |   2 -
 .../files/wireshark-3.6.0-fix-no-tshark.patch      |  32 ---
 net-analyzer/wireshark/wireshark-3.4.10.ebuild     | 283 ---------------------
 net-analyzer/wireshark/wireshark-3.6.0-r1.ebuild   | 272 --------------------
 4 files changed, 589 deletions(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11d357718ec192403193260fe033e93973c3aa5f

commit 11d357718ec192403193260fe033e93973c3aa5f
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-02-20 06:29:48 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-02-20 06:30:07 +0000

    Revert "net-analyzer/wireshark: drop 3.4.10, 3.4.11, 3.6.0-r1"
    
    This reverts commit c2f163b2438b412dffa637ae892000c2913d546f.
    
    Needed by stable libvirt.
    
    Bug: https://bugs.gentoo.org/830343
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest                    |   3 +
 .../files/wireshark-3.6.0-fix-no-tshark.patch      |  32 +++
 net-analyzer/wireshark/wireshark-3.4.10.ebuild     | 283 ++++++++++++++++++++
 net-analyzer/wireshark/wireshark-3.4.11.ebuild     | 285 +++++++++++++++++++++
 net-analyzer/wireshark/wireshark-3.6.0-r1.ebuild   | 272 ++++++++++++++++++++
 5 files changed, 875 insertions(+)