CVE-2021-22191 Information
Jun 07, 2022
cve
Description
Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Reference
https://gitlab.com/wireshark/wireshark/-/issues/17232 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json https://www.wireshark.org/security/wnpa-sec-2021-03.html https://www.oracle.com/security-alerts/cpuApr2021.html https://security.gentoo.org/glsa/202107-21 https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
8.8
Share on: