Security Bulletin
This security bulletin contains information about 9 vulnerabilities.
EUVDB-ID: #VU49033
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26418
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU49034
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26419
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU49035
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26420
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU49036
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26421
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU49095
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26422
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the QUIC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50148
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22173
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within USB HID dissector. A remote attacker can force the application to leak memory and perform denial of service attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU50149
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22174
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the USB HID dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU51385
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22191
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing URLs. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52506
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-22207
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the MS-WSP dissector in Wireshark. A remote attacker can send specially crafted packets over the network or convince the victim to read a malformed packet trace file and consume excessive CPU resources, causing denial of service condition.
Update the affected package wireshark to the latest version.
Vulnerable software versionsSUSE Manager Proxy: 4.0
SUSE Manager Retail Branch Server: 4.0
SUSE Manager Server: 4.0
SUSE Linux Enterprise Server for SAP: 15 - 15-SP1
SUSE Linux Enterprise High Performance Computing: 15-ESPOS - 15-SP1-LTSS
SUSE Enterprise Storage: 6
SUSE CaaS Platform: 4.0
SUSE Linux Enterprise Server: 15-LTSS - 15-SP1-LTSS
SUSE Linux Enterprise Module for Desktop Applications: 15-SP2 - 15-SP3
SUSE Linux Enterprise Module for Basesystem: 15-SP2 - 15-SP3
libvirt-daemon-xen: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-rbd: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-libxl: before 4.0.0-9.37.21
libvirt-nss-debuginfo: before 4.0.0-9.37.21
libvirt-nss: before 4.0.0-9.37.21
libvirt-lock-sanlock-debuginfo: before 4.0.0-9.37.21
libvirt-lock-sanlock: before 4.0.0-9.37.21
libvirt-libs-debuginfo: before 4.0.0-9.37.21
libvirt-libs: before 4.0.0-9.37.21
libvirt-doc: before 4.0.0-9.37.21
libvirt-devel: before 4.0.0-9.37.21
libvirt-debugsource: before 4.0.0-9.37.21
libvirt-daemon-qemu: before 4.0.0-9.37.21
libvirt-daemon-lxc: before 4.0.0-9.37.21
libvirt-daemon-hooks: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-scsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-mpath: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-logical: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-iscsi: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-disk: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-storage-core: before 4.0.0-9.37.21
libvirt-daemon-driver-storage: before 4.0.0-9.37.21
libvirt-daemon-driver-secret-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-secret: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-qemu: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-nodedev: before 4.0.0-9.37.21
libvirt-daemon-driver-network-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-network: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-lxc: before 4.0.0-9.37.21
libvirt-daemon-driver-interface-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-driver-interface: before 4.0.0-9.37.21
libvirt-daemon-debuginfo: before 4.0.0-9.37.21
libvirt-daemon-config-nwfilter: before 4.0.0-9.37.21
libvirt-daemon-config-network: before 4.0.0-9.37.21
libvirt-daemon: before 4.0.0-9.37.21
libvirt-client-debuginfo: before 4.0.0-9.37.21
libvirt-client: before 4.0.0-9.37.21
libvirt-admin-debuginfo: before 4.0.0-9.37.21
libvirt-admin: before 4.0.0-9.37.21
libvirt: before 4.0.0-9.37.21
libqt5-qtmultimedia-private-headers-devel: before 5.9.7-7.2.1
wireshark-ui-qt-debuginfo: before 3.4.5-3.53.1
wireshark-ui-qt: before 3.4.5-3.53.1
wireshark-devel: before 3.4.5-3.53.1
wireshark-debugsource: before 3.4.5-3.53.1
wireshark-debuginfo: before 3.4.5-3.53.1
wireshark: before 3.4.5-3.53.1
sbc-devel: before 1.3-3.2.1
sbc-debugsource: before 1.3-3.2.1
sbc-debuginfo: before 1.3-3.2.1
libwsutil12-debuginfo: before 3.4.5-3.53.1
libwsutil12: before 3.4.5-3.53.1
libwiretap11-debuginfo: before 3.4.5-3.53.1
libwiretap11: before 3.4.5-3.53.1
libwireshark14-debuginfo: before 3.4.5-3.53.1
libwireshark14: before 3.4.5-3.53.1
libsbc1-debuginfo: before 1.3-3.2.1
libsbc1: before 1.3-3.2.1
libqt5-qtmultimedia-devel: before 5.9.7-7.2.1
libqt5-qtmultimedia-debugsource: before 5.9.7-7.2.1
libQt5Multimedia5-debuginfo: before 5.9.7-7.2.1
libQt5Multimedia5: before 5.9.7-7.2.1
External linkshttp://www.suse.com/support/update/announcement/2021/suse-su-20212125-1/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.