vulnerability
Arch Linux: Arbitrary code execution (CVE-2021-22191)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:P/I:P/A:P) | Mar 15, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
Mar 15, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
A security issue has been found in Wireshark before version 3.4.4. Some fields in the Wireshark proto_tree are double-clickable and pass URLs with arbitrary schemes to the QDesktopServices::openUrl function. http and https URLs passed to this function are opened by the browser which is generally safe. For some other schemes like dav and file however, referenced files will be opened by the system's standard application associated with their file type. By preparing internet-hosted file shares and executable files, arbitrary code execution can be achieved via malicious pcap(ng) files or captured live-traffic and some user interaction.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-22191
- https://attackerkb.com/topics/CVE-2021-22191
- URL-https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22191.json
- URL-https://gitlab.com/wireshark/wireshark/-/issues/17232
- URL-https://lists.debian.org/debian-lts-announce/2022/03/msg00041.html
- URL-https://security.archlinux.org/ASA-202103-2
- URL-https://security.gentoo.org/glsa/202107-21
- URL-https://www.oracle.com/security-alerts/cpuApr2021.html
- URL-https://www.wireshark.org/security/wnpa-sec-2021-03.html
- CWE-74
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.