Learn about CVE-2021-39923 affecting Wireshark versions 3.2.0 to 3.2.17 and 3.4.0 to 3.4.9, allowing denial of service attacks. Find mitigation steps and prevention measures.
Large loop in the PNRP dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file.
Understanding CVE-2021-39923
This CVE covers a large loop in Wireshark's PNRP dissector that can be exploited to cause a denial of service.
What is CVE-2021-39923?
The CVE-2021-39923 vulnerability in Wireshark versions 3.2.0 to 3.2.17 and 3.4.0 to 3.4.9 enables an attacker to perform a denial of service attack through packet injection or a crafted capture file.
The Impact of CVE-2021-39923
The impact of this vulnerability is rated High under CVSS v3.1, with a base score of 7.5. It affects the availability of the system and requires no user interaction and no privileges to exploit.
Technical Details of CVE-2021-39923
This section covers technical details of the CVE for better understanding.
Vulnerability Description
Affected Systems and Versions
>=3.2.0, <3.2.18
>=3.4.0, <3.4.10
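The two affected ranges above can be checked against an inventory of installed versions. The following is an added example, not code from the advisory or the Wireshark project; the host names and version banners are constructed, and an unparseable banner is reported as unknown rather than treated as unaffected.

```python
import re

# Affected ranges from this page, as (first affected, first unaffected) tuples.
AFFECTED = [((3, 2, 0), (3, 2, 18)), ((3, 4, 0), (3, 4, 10))]
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return the first x.y.z version found in a banner as a tuple, or None."""
    m = _VERSION_RE.search(banner or "")
    return tuple(int(g) for g in m.groups()) if m else None


def is_affected(version):
    """True if the version lies in one of the half-open affected ranges."""
    return any(lo <= version < hi for lo, hi in AFFECTED)


def triage(inventory):
    """Map host -> 'affected', 'not affected' or 'unknown' (banner unparseable)."""
    result = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            result[host] = "unknown"  # review by hand; never assume safe
        else:
            result[host] = "affected" if is_affected(version) else "not affected"
    return result


# Constructed inventory: host names and banner strings are made up for the example.
SAMPLE_INVENTORY = {
    "analyst-01": "TShark (Wireshark) 3.4.9 (Git v3.4.9 packaged as 3.4.9-1)",
    "analyst-02": "TShark (Wireshark) 3.4.10 (Git v3.4.10 packaged as 3.4.10-1)",
    "sensor-07": "wireshark 3.2.17-1",
    "sensor-08": "wireshark 3.2.18-1",
    "legacy-03": "Wireshark 3.0.14",
    "build-box": "version string unavailable",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {status}")
```

Versions outside the two listed branches are reported as not affected only in the sense that this page does not list them.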
Exploitation Mechanism
The vulnerability can be exploited through packet injection or using a specially crafted capture file.
Mitigation and Prevention
Understanding how to mitigate and prevent the CVE-2021-39923 vulnerability is crucial.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates