====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN158
_____________________________________________________________________

DATE                : 11/03/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Wireshark versions prior to 3.4.4,
                                          3.2.12.

=====================================================================
https://www.wireshark.org/security/wnpa-sec-2021-03.html
_____________________________________________________________________

wnpa-sec-2021-03 · Wireshark could open unsafe URLs.


Summary

Name: Wireshark could open unsafe URLs.

Docid: wnpa-sec-2021-03

Date: March 10, 2021

Affected versions: 3.4.0 to 3.4.3, 3.2.0 to 3.2.11

Fixed versions: 3.4.4, 3.2.12

References:
Wireshark bug 17232
CVE-2021-22191


Details


Description

Wireshark could open unsafe URLs. Discovered by Lukas Euler.


Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed packet
trace file.


Resolution

Upgrade to Wireshark 3.4.4, 3.2.12 or later.



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================