CVE-2021-22174 vulnerability in Wireshark and Other Products
Published on February 17, 2021

Crash in USB HID dissector in Wireshark 3.4.0 to 3.4.2 allows denial of service via packet injection or crafted capture file

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-22174 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Products Associated with CVE-2021-22174

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-22174 are published in these products:

Wireshark

Fedora Project Fedora

Oracle Zfs Storage Appliance

Affected Versions

The Wireshark Foundation Wireshark Version >=3.4.0, <3.4.3 is affected by CVE-2021-22174

Exploit Probability

EPSS

0.19%

Percentile

40.74%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-22174 vulnerability in Wireshark and Other ProductsPublished on February 17, 2021

Vulnerability Analysis

Products Associated with CVE-2021-22174

Affected Versions

Exploit Probability

CVE-2021-22174 vulnerability in Wireshark and Other Products
Published on February 17, 2021