SB2021012236 - Gentoo update for Wireshark
Published: January 22, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Memory leak (CVE-ID: CVE-2020-26418)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.
2) Memory leak (CVE-ID: CVE-2020-26419)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.
3) Memory leak (CVE-ID: CVE-2020-26420)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.
4) Out-of-bounds read (CVE-ID: CVE-2020-26421)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
5) Input validation error (CVE-ID: CVE-2020-26422)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the QUIC dissector. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.