What is CVE-2021-39924?

CVE-2021-39924 is a high-severity vulnerability affecting Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17. It allows denial of service through packet injection, necessitating immediate action for affected organizations.

What is the severity of CVE-2021-39924?

CVE-2021-39924 has a severity rating of HIGH with a CVSS base score of 7.5.

CVE-2021-39924 | High Vulnerability in Wireshark

CVE-2021-39924 is a high-severity vulnerability present in the Bluetooth DHT dissector of Wireshark, specifically affecting versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17. This vulnerability allows denial of service (DoS) attacks through packet injection or by utilizing a crafted capture file. The potential impact on organizations is significant, as the availability of the service can be compromised without any need for user interaction.

With a CVSS score of 7.5, this vulnerability is classified as high severity. The attack vector is network-based with low attack complexity, implying that an attacker can exploit this vulnerability remotely with minimal effort. Organizations utilizing affected versions of Wireshark should prioritize remediation efforts to mitigate risks associated with this vulnerability.

Currently, there are no known public exploits, but given the nature of the vulnerability, it is crucial for organizations to remain vigilant. The urgency for addressing this vulnerability is high, and timely patching is essential to prevent potential service disruptions.

Organizations should prioritize patching immediately to safeguard their systems against potential denial of service attacks.

Vulnerability Details

This vulnerability allows denial of service due to a large loop in the Bluetooth DHT dissector in Wireshark versions 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17. The CVSS score is 7.5, indicating high severity, as it can lead to significant disruption in service availability.

The affected vendor is Wireshark, and the vulnerability was published on November 19, 2021. The Common Weakness Enumeration (CWE) classification for this vulnerability is CWE-834.

Technical Analysis

The root cause of CVE-2021-39924 stems from the improper handling of certain Bluetooth packets, leading to a large loop in the processing logic. This results in excessive resource consumption, causing the application to become unresponsive.

The attack vector for this vulnerability is network-based, which means an attacker can exploit the flaw remotely without requiring physical access to the vulnerable system. The attack complexity is low, as it does not necessitate any special conditions or user interaction.

The availability impact is categorized as high, meaning that successful exploitation can render the service unavailable. The confidentiality and integrity impacts are negligible in this case.

Risk & Impact Analysis

The real-world deployment risk associated with this vulnerability is significant, as organizations relying on Wireshark for network analysis could face disruptions in their operations due to service unavailability. The blast radius potential is broad, impacting any network that utilizes the affected versions of Wireshark.

Given the CVSS score of 7.5, organizations should address this vulnerability in their priority patch cycle. Failure to do so could lead to severe operational issues, particularly in environments where Wireshark is critical for monitoring and analysis.

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected versions of Wireshark are 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17. Organizations using these versions should take immediate action to apply patches.

Mitigation & Remediation

Patching Wireshark to the latest version is essential for remediation. Organizations should upgrade to versions later than 3.4.9 and 3.2.17 to eliminate exposure to this vulnerability. If immediate patching is not possible, organizations can implement network controls to limit exposure to untrusted networks.

Monitoring for unusual traffic patterns associated with Bluetooth packets may also help in early detection of potential attempts to exploit this vulnerability.

Organizations should consider penetration testing to validate their defenses against potential exploitation.

Detection Guidance

To detect potential exploitation attempts, organizations should monitor logs for unusual Bluetooth-related traffic and analyze system performance indicators for signs of excessive resource consumption.

AppSecure Threat Intelligence Insight

CVE-2021-39924 highlights the importance of continuous monitoring and patch management in maintaining security posture. As vulnerabilities in widely used applications like Wireshark emerge, organizations must adapt their security strategies accordingly.

Establishing a robust vulnerability management program can significantly reduce the risk of such vulnerabilities impacting organizational operations.

Organizations should also consider compliance requirements that may dictate timely remediation efforts.

Furthermore, employing security testing best practices can help in identifying and mitigating vulnerabilities before they are exploited.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2021-39924: High Vulnerability in Wireshark