SB2020100805 - Denial of service in Wireshark
Published: October 8, 2020 Updated: October 30, 2020
Security Bulletin ID
SB2020100805
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Infinite loop (CVE-ID: CVE-2020-26575)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop within the Facebook Zero Protocol (aka FBZERO) dissector in epan/dissectors/packet-fbzero.c. A remote attacker can pass specially crafted traffic to the application, consume all available system resources and cause denial of service conditions.
Remediation
Install update from vendor's website.
References
- https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
- https://gitlab.com/wireshark/wireshark/-/issues/16887
- https://gitlab.com/wireshark/wireshark/-/merge_requests/467
- https://gitlab.com/wireshark/wireshark/-/merge_requests/471
- https://gitlab.com/wireshark/wireshark/-/merge_requests/472
- https://gitlab.com/wireshark/wireshark/-/merge_requests/473