Denial of Service Vulnerability in Wireshark Modbus Dissector
CVE-2021-39921

7.5HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 19 November 2021

What is CVE-2021-39921?

The Modbus dissector in Wireshark versions 3.4.0 through 3.4.9 and versions 3.2.0 through 3.2.17 suffers from a NULL pointer exception. This flaw can be exploited through carefully crafted packets or capture files, potentially leading to service disruption.

Affected Version(s)

Wireshark >=3.4.0, <3.4.10 < 3.4.0, 3.4.10

Wireshark >=3.2.0, <3.2.18 < 3.2.0, 3.2.18

References

https://www.wireshark.org/security/wnpa-sec-2021-14.html

https://gitlab.com/wireshark/wireshark/-/issues/17703

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2021
Vulnerability Reserved
Aug 23, 2021

JSON