CVE-2021-22191

Summary

Improper URL handling in Wireshark 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11 could allow remote code execution via via packet injection or crafted capture file.

Affected Software

VendorProductVersion RangeStatus
The Wireshark FoundationWireshark>=3.4.0, <3.4.4affected
The Wireshark FoundationWireshark>=3.2.0, <3.2.12affected

Weaknesses

  • External control of file name or path in Wireshark

ADP Enrichment

CVE Program Container

Additional References

References