The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2849 advisory.

    Several vulnerabilities were fixed in the network traffic analyzer Wireshark. CVE-2021-22207 Excessive     memory consumption in the MS-WSP dissector. CVE-2021-22235 Crash in the DNP dissector. CVE-2021-39921 NULL     pointer exception in the Modbus dissector. CVE-2021-39922 Buffer overflow in the C12.22 dissector.
    CVE-2021-39923 Large loop in the PNRP dissector. CVE-2021-39924 Large loop in the Bluetooth DHT dissector.
    CVE-2021-39925 Buffer overflow in the Bluetooth SDP dissector. CVE-2021-39928 NULL pointer exception in     the IEEE 802.11 dissector. CVE-2021-39929 Uncontrolled Recursion in the Bluetooth DHT dissector. For     Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u2. We recommend that you upgrade     your wireshark packages. For the detailed security status of wireshark please refer to its security     tracker page at: https://security-tracker.debian.org/tracker/wireshark Further information about Debian     LTS security advisories, how to apply these updates to your system and frequently asked questions can be     found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Debian DLA-2849-1 : wireshark - LTS security update

high Nessus Plugin ID 156315

Version 1.6

Version 1.5

Version 1.4

Version 1.6 Jan 24, 2025, 9:25 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata Plugin Feed: 202501242125
Version 1.5 Nov 22, 2023, 2:15 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202311221415
Version 1.4 Sep 27, 2022, 5:22 PM IAVM reference Plugin Feed: 202209271722