CVE-2021-22174 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.7 LOW	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 60%

Affected Products (NVD)

Vendor	Product	Version
wireshark	wireshark	3.4.0 ≤ 𝑥 < 3.4.3
oracle	zfs_storage_appliance	8.8

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

wireshark

bookworm	4.0.11-1~deb12u1 fixed
bookworm (security)	4.0.11-1~deb12u1 fixed
bullseye	3.4.10-0+deb11u1 fixed
bullseye (security)	3.4.16-0+deb11u1 fixed
buster	not-affected
sid	4.4.1-1 fixed
stretch	not-affected
trixie	4.4.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

wireshark

bionic	needs-triage
focal	needs-triage
groovy	ignored
hirsute	ignored
impish	ignored
jammy	needs-triage
kinetic	ignored
lunar	ignored
mantic	ignored
noble	needs-triage
trusty	needs-triage
xenial	needs-triage

openSUSE / SLES Releases

openSUSE Product

Release

libQt5Multimedia5

suse enterprise server 15 SP1

5.9.7-7.2.1

fixed

libqt5-qtmultimedia-devel

suse enterprise server 15 SP1

5.9.7-7.2.1

fixed

libqt5-qtmultimedia-private-headers-devel

suse enterprise server 15 SP1

5.9.7-7.2.1

fixed

libsbc1

suse enterprise desktop 15 SP2	1.3-3.2.1 fixed
suse enterprise desktop 15 SP3	1.3-3.2.1 fixed
suse enterprise desktop 15 SP4	1.3-3.2.1 fixed
suse enterprise desktop 15 SP5	1.3-3.2.1 fixed
suse enterprise desktop 15 SP6	1.3-3.2.1 fixed
suse enterprise desktop 15 SP7	1.3-3.2.1 fixed
suse enterprise sap 15 SP2	1.3-3.2.1 fixed
suse enterprise sap 15 SP3	1.3-3.2.1 fixed
suse enterprise sap 15 SP4	1.3-3.2.1 fixed
suse enterprise sap 15 SP5	1.3-3.2.1 fixed
suse enterprise sap 15 SP6	1.3-3.2.1 fixed
suse enterprise sap 15 SP7	1.3-3.2.1 fixed
suse enterprise server 15	1.3-3.2.1 fixed
suse enterprise server 15 SP1	1.3-3.2.1 fixed
suse enterprise server 15 SP2	1.3-3.2.1 fixed
suse enterprise server 15 SP3	1.3-3.2.1 fixed
suse enterprise server 15 SP4	1.3-3.2.1 fixed
suse enterprise server 15 SP5	1.3-3.2.1 fixed
suse enterprise server 15 SP6	1.3-3.2.1 fixed
suse enterprise server 15 SP7	1.3-3.2.1 fixed

libvirt

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-admin

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-client

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-config-network

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-config-nwfilter

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-interface

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-libxl

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-lxc

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-network

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-nodedev

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-nwfilter

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-qemu

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-secret

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-core

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-disk

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-iscsi

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-logical

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-mpath

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-rbd

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-driver-storage-scsi

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-hooks

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-lxc

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-qemu

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-daemon-xen

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-devel

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-doc

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-libs

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-lock-sanlock

suse enterprise server 15

4.0.0-9.37.21

fixed

libvirt-nss

suse enterprise server 15

4.0.0-9.37.21

fixed

libwireshark14

suse enterprise desktop 15 SP2	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP3	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP2	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP3	3.4.5-3.53.1 fixed
suse enterprise server 15	3.4.5-3.53.1 fixed
suse enterprise server 15 SP1	3.4.5-3.53.1 fixed
suse enterprise server 15 SP2	3.4.5-3.53.1 fixed
suse enterprise server 15 SP3	3.4.5-3.53.1 fixed

libwireshark15

suse enterprise desktop 15 SP4	3.6.2-3.71.1 fixed
suse enterprise desktop 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise desktop 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise sap 15 SP4	3.6.2-3.71.1 fixed
suse enterprise sap 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise sap 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise server 15 SP4	3.6.2-3.71.1 fixed
suse enterprise server 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise server 15 SP6	3.6.20-150600.16.5 fixed

libwireshark17

suse enterprise desktop 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise sap 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise server 15 SP7	4.2.11-150600.18.20.1 fixed

libwiretap11

suse enterprise desktop 15 SP2	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP3	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP2	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP3	3.4.5-3.53.1 fixed
suse enterprise server 15	3.4.5-3.53.1 fixed
suse enterprise server 15 SP1	3.4.5-3.53.1 fixed
suse enterprise server 15 SP2	3.4.5-3.53.1 fixed
suse enterprise server 15 SP3	3.4.5-3.53.1 fixed

libwiretap12

suse enterprise desktop 15 SP4	3.6.2-3.71.1 fixed
suse enterprise desktop 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise desktop 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise sap 15 SP4	3.6.2-3.71.1 fixed
suse enterprise sap 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise sap 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise server 15 SP4	3.6.2-3.71.1 fixed
suse enterprise server 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise server 15 SP6	3.6.20-150600.16.5 fixed

libwiretap14

suse enterprise desktop 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise sap 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise server 15 SP7	4.2.11-150600.18.20.1 fixed

libwsutil12

suse enterprise desktop 15 SP2	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP3	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP2	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP3	3.4.5-3.53.1 fixed
suse enterprise server 15	3.4.5-3.53.1 fixed
suse enterprise server 15 SP1	3.4.5-3.53.1 fixed
suse enterprise server 15 SP2	3.4.5-3.53.1 fixed
suse enterprise server 15 SP3	3.4.5-3.53.1 fixed

libwsutil13

suse enterprise desktop 15 SP4	3.6.2-3.71.1 fixed
suse enterprise desktop 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise desktop 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise sap 15 SP4	3.6.2-3.71.1 fixed
suse enterprise sap 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise sap 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise server 15 SP4	3.6.2-3.71.1 fixed
suse enterprise server 15 SP5	3.6.13-150000.3.89.1 fixed
suse enterprise server 15 SP6	3.6.20-150600.16.5 fixed

libwsutil15

suse enterprise desktop 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise sap 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise server 15 SP7	4.2.11-150600.18.20.1 fixed

sbc-devel

suse enterprise desktop 15 SP2	1.3-3.2.1 fixed
suse enterprise desktop 15 SP3	1.3-3.2.1 fixed
suse enterprise desktop 15 SP4	1.3-3.2.1 fixed
suse enterprise desktop 15 SP5	1.3-3.2.1 fixed
suse enterprise desktop 15 SP6	1.3-3.2.1 fixed
suse enterprise desktop 15 SP7	1.3-3.2.1 fixed
suse enterprise sap 15 SP2	1.3-3.2.1 fixed
suse enterprise sap 15 SP3	1.3-3.2.1 fixed
suse enterprise sap 15 SP4	1.3-3.2.1 fixed
suse enterprise sap 15 SP5	1.3-3.2.1 fixed
suse enterprise sap 15 SP6	1.3-3.2.1 fixed
suse enterprise sap 15 SP7	1.3-3.2.1 fixed
suse enterprise server 15	1.3-3.2.1 fixed
suse enterprise server 15 SP1	1.3-3.2.1 fixed
suse enterprise server 15 SP2	1.3-3.2.1 fixed
suse enterprise server 15 SP3	1.3-3.2.1 fixed
suse enterprise server 15 SP4	1.3-3.2.1 fixed
suse enterprise server 15 SP5	1.3-3.2.1 fixed
suse enterprise server 15 SP6	1.3-3.2.1 fixed
suse enterprise server 15 SP7	1.3-3.2.1 fixed

wireshark

suse enterprise desktop 15 SP2	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP3	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP4	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP5	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise desktop 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise sap 15 SP2	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP3	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP4	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP5	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise sap 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise server 15	3.4.5-3.53.1 fixed
suse enterprise server 15 SP1	3.4.5-3.53.1 fixed
suse enterprise server 15 SP2	3.4.5-3.53.1 fixed
suse enterprise server 15 SP3	3.4.5-3.53.1 fixed
suse enterprise server 15 SP4	3.4.5-3.53.1 fixed
suse enterprise server 15 SP5	3.4.5-3.53.1 fixed
suse enterprise server 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise server 15 SP7	4.2.11-150600.18.20.1 fixed

wireshark-devel

suse enterprise desktop 15 SP2	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP3	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP4	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP5	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise desktop 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise sap 15 SP2	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP3	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP4	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP5	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise sap 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise server 15	3.4.5-3.53.1 fixed
suse enterprise server 15 SP1	3.4.5-3.53.1 fixed
suse enterprise server 15 SP2	3.4.5-3.53.1 fixed
suse enterprise server 15 SP3	3.4.5-3.53.1 fixed
suse enterprise server 15 SP4	3.4.5-3.53.1 fixed
suse enterprise server 15 SP5	3.4.5-3.53.1 fixed
suse enterprise server 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise server 15 SP7	4.2.11-150600.18.20.1 fixed

wireshark-ui-qt

suse enterprise desktop 15 SP2	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP3	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP4	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP5	3.4.5-3.53.1 fixed
suse enterprise desktop 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise desktop 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise sap 15 SP2	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP3	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP4	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP5	3.4.5-3.53.1 fixed
suse enterprise sap 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise sap 15 SP7	4.2.11-150600.18.20.1 fixed
suse enterprise server 15	3.4.5-3.53.1 fixed
suse enterprise server 15 SP1	3.4.5-3.53.1 fixed
suse enterprise server 15 SP2	3.4.5-3.53.1 fixed
suse enterprise server 15 SP3	3.4.5-3.53.1 fixed
suse enterprise server 15 SP4	3.4.5-3.53.1 fixed
suse enterprise server 15 SP5	3.4.5-3.53.1 fixed
suse enterprise server 15 SP6	3.6.20-150600.16.5 fixed
suse enterprise server 15 SP7	4.2.11-150600.18.20.1 fixed

Known Exploits!

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json

https://gitlab.com/wireshark/wireshark/-/issues/17165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/

https://security.gentoo.org/glsa/202107-21

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.wireshark.org/security/wnpa-sec-2021-02.html

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22174.json

https://gitlab.com/wireshark/wireshark/-/issues/17165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GND3PIQC3KZALR227V4YUMPKJBA5BZG4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NYXLKQJ3D632XSG6VO7M4YFDAG6GRCLY/

https://security.gentoo.org/glsa/202107-21

https://www.oracle.com/security-alerts/cpuApr2021.html

https://www.wireshark.org/security/wnpa-sec-2021-02.html