Headline
CVE-2021-39924: Wireshark · wnpa-sec-2021-10 · Bluetooth DHT dissector large loop
Large loop in the Bluetooth DHT dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file
wnpa-sec-2021-10 · Bluetooth DHT dissector large loop
Summary
Name: Bluetooth DHT dissector large loop
Docid: wnpa-sec-2021-10
Date: November 17, 2021
Affected versions: 3.4.0 to 3.4.9, 3.2.0 to 3.2.17
Fixed versions: 3.4.10, 3.2.18
References:
Wireshark issue 17677
CVE-2021-39924
Details****Description
The Bluetooth DHT dissector could go into a large loop
Impact
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 3.4.10, 3.2.18 or later.