Denial of Service Vulnerability in Wireshark PNRP Dissector
CVE-2021-39923

7.5HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 19 November 2021

🔔 Create Wireshark Vulnerability Alert

What is CVE-2021-39923?

A vulnerability in the PNRP dissector of Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 enables denial of service conditions. This issue arises from a large loop triggered by packet injection or a specially crafted capture file, potentially leading to application crashes and hindering normal operations during network analysis.

Affected Version(s)

Wireshark >=3.2.0, <3.2.18 < 3.2.0, 3.2.18

Wireshark >=3.4.0, <3.4.10 < 3.4.0, 3.4.10

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE...

x_refsource_CONFIRM

https://www.wireshark.org/security/wnpa-sec-2021-11.html

x_refsource_MISC

https://gitlab.com/wireshark/wireshark/-/issues/17684

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2021
Vulnerability Reserved
Aug 23, 2021

.