PT-2020-6571 · Wireshark+3 · Wireshark+3

Published

2020-10-30

Updated

2024-06-15

CVE-2020-28030

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 3.2.0 through 3.2.7

Description The issue is related to the GQUIC dissector in Wireshark, which could cause a crash. This was due to an incorrect implementation of offset advancement. The problem can be exploited by a remote attacker to cause a denial of service.

Recommendations For Wireshark versions 3.2.0 through 3.2.7, update the software to a version where the issue has been addressed, specifically by correcting the implementation in epan/dissectors/packet-gquic.c. As a temporary workaround, consider disabling the GQUIC dissector until a patch is available.

Exploit

Fix

Infinite Loop

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835CWE-682CWE-770

Related Identifiers

ALT-PU-2020-3204

ALT-PU-2020-3222

ALT-PU-2022-1368

BDU:2022-00251

CVE-2020-28030

DLA-2547-1

OPENSUSE-SU-2020:2076-1

OPENSUSE-SU-2020:2107-1

OPENSUSE-SU-2020_2076-1

OPENSUSE-SU-2020_2107-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2020:3376-1

Affected Products

Alt Linux

Astra Linux

Suse

Wireshark

PT-2020-6571 · Wireshark+3 · Wireshark+3

CVE-2020-28030

Weakness Enumeration

Related Identifiers

Affected Products

References · 191