PT-2020-5500 · Wireshark+5 · Wireshark+5

Published

2020-09-30

Updated

2024-06-15

CVE-2020-25862

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.6.0 through 2.6.20 Wireshark versions 3.0.0 through 3.0.13 Wireshark versions 3.2.0 through 3.2.6

Description The issue is related to a lack of integrity check in the epan/dissectors/packet-tcp.c function of Wireshark, which could allow a remote attacker to cause the application to crash. The TCP dissector could crash due to the handling of an invalid 0xFFFF checksum.

Recommendations For Wireshark versions 2.6.0 through 2.6.20, update the handling of the invalid 0xFFFF checksum in epan/dissectors/packet-tcp.c to prevent the TCP dissector from crashing. For Wireshark versions 3.0.0 through 3.0.13, update the handling of the invalid 0xFFFF checksum in epan/dissectors/packet-tcp.c to prevent the TCP dissector from crashing. For Wireshark versions 3.2.0 through 3.2.6, update the handling of the invalid 0xFFFF checksum in epan/dissectors/packet-tcp.c to prevent the TCP dissector from crashing.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-354

Related Identifiers

ALT-PU-2020-2896

ALT-PU-2020-2943

ALT-PU-2022-1368

BDU:2021-00884

CVE-2020-25862

DLA-2547-1

MGASA-2020-0384

OPENSUSE-SU-2020:1878-1

OPENSUSE-SU-2020:1882-1

OPENSUSE-SU-2020_1878-1

OPENSUSE-SU-2020_1882-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2020:3166-1

USN-6262-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Suse

Ubuntu

Wireshark

PT-2020-5500 · Wireshark+5 · Wireshark+5

CVE-2020-25862

Weakness Enumeration

Related Identifiers

Affected Products

References · 214