CVE-2021-22191: 
Wireshark vulnerability analysis and mitigation

CVE-2021-22191 is a security vulnerability affecting Wireshark versions 3.4.0 to 3.4.3 and 3.2.0 to 3.2.11, discovered by Kajetan Rostojek and disclosed on March 10, 2021. The vulnerability stems from improper URL handling in Wireshark that could allow remote code execution through packet injection or crafted capture files (Wireshark Advisory, NVD).

The vulnerability involves unsafe URL handling where Wireshark could open URLs with arbitrary schemes through the QDesktopServices::openUrl function. While http and https URLs are generally safe as they are opened by the browser, other schemes like dav and file can trigger the system's standard application to open referenced files, potentially leading to code execution. The vulnerability has a CVSS v3.1 base score of 7.5, indicating a high severity (Rapid7).

The vulnerability could allow an attacker to achieve remote code execution by either injecting malformed packets onto the network or by convincing a user to open a maliciously crafted packet trace file. When exploited, the vulnerability could lead to arbitrary code execution on the target system (Wireshark Advisory).

The vulnerability has been fixed in Wireshark versions 3.4.4 and 3.2.12. Users are strongly advised to upgrade to these or later versions. After the fix, double-clicking URLs will no longer automatically open them; instead, they will be copied to the clipboard where they can be inspected and manually pasted into a browser's address bar if deemed safe (Wireshark Advisory).