CVE-2020-13164
Ubuntu Security Notice USN-6262-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.
En Wireshark versiones 3.2.0 hasta 3.2.3, 3.0.0 hasta 3.0.10 y 2.6.0 hasta 2.6.16, el disector NFS podría bloquearse. Esto se abordó en el archivo epan/dissectors/packet-nfs.c impidiendo la recurrencia excesiva, como por ejemplo, un ciclo en el gráfico de directorio en un sistema de archivos.
It was discovered that Wireshark did not properly handle certain NFS packages when certain configuration options were enabled. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. It was discovered that Wireshark did not properly handle certain GVCP packages. An attacker could possibly use this issue to cause Wireshark to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-05-19 CVE Reserved
- 2020-05-19 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-674: Uncontrolled Recursion
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a | X_refsource_misc | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | >= 2.6.0 <= 2.6.16 Search vendor "Wireshark" for product "Wireshark" and version " >= 2.6.0 <= 2.6.16" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | >= 3.0.0 <= 3.0.10 Search vendor "Wireshark" for product "Wireshark" and version " >= 3.0.0 <= 3.0.10" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | >= 3.2.0 <= 3.2.3 Search vendor "Wireshark" for product "Wireshark" and version " >= 3.2.0 <= 3.2.3" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.1 Search vendor "Opensuse" for product "Leap" and version "15.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Leap Search vendor "Opensuse" for product "Leap" | 15.2 Search vendor "Opensuse" for product "Leap" and version "15.2" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 31 Search vendor "Fedoraproject" for product "Fedora" and version "31" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||