PT-2020-5493 · Wireshark+2 · Wireshark+2

Published

2020-09-30

Updated

2024-06-15

CVE-2020-25866

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Wireshark versions 3.0.0 through 3.0.13 Wireshark versions 3.2.0 through 3.2.6

Description The issue is related to a NULL pointer dereference in the BLIP protocol dissector due to a buffer being sized for compressed messages, not uncompressed ones. This could allow a remote attacker to cause a denial of service. The problem was addressed by allowing reasonable compression ratios and rejecting ZIP bombs in the epan/dissectors/packet-blip.c file.

Recommendations For Wireshark versions 3.0.0 through 3.0.13, update to a version that includes the fix for the BLIP protocol dissector issue. For Wireshark versions 3.2.0 through 3.2.6, update to a version that includes the fix for the BLIP protocol dissector issue. As a temporary workaround, consider restricting the use of the BLIP protocol dissector until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-476

Related Identifiers

ALT-PU-2020-2896

ALT-PU-2020-2943

ALT-PU-2022-1368

BDU:2021-00874

CVE-2020-25866

MGASA-2020-0384

OPENSUSE-SU-2020:1878-1

OPENSUSE-SU-2020:1882-1

OPENSUSE-SU-2020_1878-1

OPENSUSE-SU-2020_1882-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2020:3166-1

Affected Products

Alt Linux

Suse

Wireshark

PT-2020-5493 · Wireshark+2 · Wireshark+2

CVE-2020-25866

Weakness Enumeration

Related Identifiers

Affected Products

References · 203