PT-2020-5494 · Wireshark+5 · Wireshark+5

Published

2020-09-30

·

Updated

2024-06-15

·

CVE-2020-25863

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions Wireshark versions 2.6.0 through 2.6.20 Wireshark versions 3.0.0 through 3.0.13 Wireshark versions 3.2.0 through 3.2.6
Description The issue exists due to insufficient input validation in Wireshark, which could allow a remote attacker to cause the application to crash. The problem was addressed by correcting the deallocation of invalid MIME parts in the MIME Multipart dissector.
Recommendations For Wireshark versions 2.6.0 through 2.6.20, update to a version where the deallocation of invalid MIME parts in the MIME Multipart dissector has been corrected. For Wireshark versions 3.0.0 through 3.0.13, update to a version where the deallocation of invalid MIME parts in the MIME Multipart dissector has been corrected. For Wireshark versions 3.2.0 through 3.2.6, update to a version where the deallocation of invalid MIME parts in the MIME Multipart dissector has been corrected.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2020-2896
ALT-PU-2020-2943
ALT-PU-2022-1368
BDU:2021-00875
CVE-2020-25863
DLA-2547-1
MGASA-2020-0384
OPENSUSE-SU-2020:1878-1
OPENSUSE-SU-2020:1882-1
OPENSUSE-SU-2020_1878-1
OPENSUSE-SU-2020_1882-1
OPENSUSE-SU-2024:11513-1
SUSE-SU-2020:3166-1
USN-6262-1

Affected Products

Alt Linux
Astra Linux
Linuxmint
Suse
Ubuntu
Wireshark