CVE-2021-4190: 
Wireshark vulnerability analysis and mitigation

CVE-2021-4190 is a vulnerability discovered in the Kafka dissector component of Wireshark 3.6.0. The vulnerability was disclosed on December 29, 2021, affecting Wireshark versions 3.6.0 and 3.4.0 to 3.4.11. The issue allows for a denial of service condition via packet injection or crafted capture file (Wireshark Advisory).

The vulnerability stems from a large loop in the Kafka dissector that could reach an (almost) infinite loop (max guint64) by manipulating the reading pointer to remain at the same location. The issue occurs when processing specifically crafted KAFKA packets that create unlimited tagged fields. The bug was introduced while attempting to fix another issue in the Kafka dissector through merge request !890 (Wireshark Issue). The vulnerability has a CVSS score of 5.0, indicating moderate severity (Rapid7).

When exploited, the vulnerability causes Wireshark to consume excessive amounts of memory and 100% CPU utilization, leading to a denial of service condition. Even a small packet could cause tshark to become stuck in a loop while using excessive system resources (Wireshark Issue).

The vulnerability was fixed in Wireshark versions 3.6.1 and 3.4.12. Users are advised to upgrade to these or later versions to mitigate the issue. The fix was released as part of security updates across multiple platforms including Debian and Fedora (Wireshark Advisory, Debian Security).