PT-2020-6563 · Wireshark+3 · Wireshark+3

Published

2020-02-27

Updated

2024-06-15

CVE-2020-9428

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.6.0 through 2.6.14 Wireshark versions 3.0.0 through 3.0.8 Wireshark versions 3.2.0 through 3.2.1

Description The issue is related to a buffer data reading vulnerability that could allow a remote attacker to cause a denial of service. The EAP dissector could crash due to improper sscanf parsing.

Recommendations For Wireshark versions 2.6.0 through 2.6.14, update the epan/dissectors/packet-eap.c file to use more careful sscanf parsing. For Wireshark versions 3.0.0 through 3.0.8, update the epan/dissectors/packet-eap.c file to use more careful sscanf parsing. For Wireshark versions 3.2.0 through 3.2.1, update the epan/dissectors/packet-eap.c file to use more careful sscanf parsing.

Exploit

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2020-1462

ALT-PU-2020-1555

BDU:2022-00215

CVE-2020-9428

DLA-2547-1

OESA-2021-1132

OPENSUSE-SU-2020:0362-1

OPENSUSE-SU-2020_0362-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2020:0693-1

Affected Products

Alt Linux

Astra Linux

Suse

Wireshark

PT-2020-6563 · Wireshark+3 · Wireshark+3

CVE-2020-9428

Weakness Enumeration

Related Identifiers

Affected Products

References · 229