CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-17498
https://notcve.org/view.php?id=CVE-2020-17498
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression. En Wireshark versiones 3.2.0 hasta 3.2.5, el disector del protocolo Kafka podría bloquearse. Esto fue abordado en el archivo epan/dissectors/packet-kafka.c evitando una doble liberación durante la descompresión de LZ4 • http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=76afda963de4f0b9be24f2d8e873990a5cbf221b https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AII7UYDPNKYE75AZL45M6HAV2COP7F6S https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/messa • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-15466
https://notcve.org/view.php?id=CVE-2020-15466
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. En Wireshark versiones 3.2.0 hasta 3.2.4, el disector GVCP podría entrar en un bucle infinito. Esto se abordó en el archivo epan/disectors/packet-gvcp.c asegurando que aumente la compensación en todas las situaciones • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=11f40896b696e4e8c7f8b2ad96028404a83a51a4 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://security.gentoo.org/glsa/202007-13 https://www.wireshark.org/security/wnpa-sec-2020-09.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2020-13164
https://notcve.org/view.php?id=CVE-2020-13164
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. En Wireshark versiones 3.2.0 hasta 3.2.3, 3.0.0 hasta 3.0.10 y 2.6.0 hasta 2.6.16, el disector NFS podría bloquearse. Esto se abordó en el archivo epan/dissectors/packet-nfs.c impidiendo la recurrencia excesiva, como por ejemplo, un ciclo en el gráfico de directorio en un sistema de archivos. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5UOISPQTRCZGQLKBVXEDL72AEXEHS425 https://lists • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2020-11647
https://notcve.org/view.php?id=CVE-2020-11647
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. En Wireshark versiones 3.2.0 hasta 3.2.2, versiones 3.0.0 hasta 3.0.9 y versiones 2.6.0 hasta 2.6.15, el disector BACapp podría bloquearse. Esto fue abordado en el archivo epan/disectors/packet-bacapp.c limitando la cantidad de recursión. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6f56fc9496db158218243ea87e3660c874a0bab0 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://security.gentoo.org/glsa/202007-13 https://www.wireshark.org/security/wnpa-sec-2020-07.html • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2020-9428
https://notcve.org/view.php?id=CVE-2020-9428
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing. En Wireshark versiones 3.2.0 hasta 3.2.1, versiones 3.0.0 hasta 3.0.8 y versiones 2.6.0 hasta 2.6.14, el disector EAP podría bloquearse. Esto se abordó en el archivo epan/disectors/packet-eap.c mediante el uso de un análisis sscanf más cuidadoso. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=9fe2de783dbcbe74144678d60a4e3923367044b2 https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZBICEY2HGSNQ3RPBLMDDYVAHGOGS4E2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ • CWE-125: Out-of-bounds Read •