CVE-2020-26418
Gentoo Linux Security Advisory 202101-12
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Una filtración de memoria en el disector de protocolo Kafka en Wireshark versión 3.4.0 y versiones 3.2.0 hasta 3.2.8, permite una Denegación de Servicio por medio de una inyección de paquetes o archivo de captura diseñado
An update that solves 9 vulnerabilities and has two fixes is now available. This update for wireshark, libvirt, sbc and libqt5-qtmultimedia fixes the following issues. Update wireshark to version 3.4.5 Including security fixes for. Wireshark could open unsafe URLs. MS-WSP dissector excessive memory consumption QUIC dissector crash Kafka dissector memory leak Multiple dissector memory leaks RTPS dissector memory leak USB HID dissector crash. Fixed USB HID dissector memory leak. Fixed USB HID dissector crash libqt5-qtmultimedia and sbc are necessary dependencies. Libvirt is needed to rebuild wireshark-plugin-libvirt.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-01 CVE Reserved
- 2020-12-10 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2025-07-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-401: Missing Release of Memory after Effective Lifetime
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json | Third Party Advisory | |
| https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://gitlab.com/wireshark/wireshark/-/issues/16739 | 2024-08-04 |
| URL | Date | SRC |
|---|---|---|
| https://www.oracle.com/security-alerts/cpuApr2021.html | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | >= 3.2.0 <= 3.2.8 Search vendor "Wireshark" for product "Wireshark" and version " >= 3.2.0 <= 3.2.8" | - |
Affected
| ||||||
| Wireshark Search vendor "Wireshark" | Wireshark Search vendor "Wireshark" for product "Wireshark" | 3.4.0 Search vendor "Wireshark" for product "Wireshark" and version "3.4.0" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Zfs Storage Appliance Kit Search vendor "Oracle" for product "Zfs Storage Appliance Kit" | 8.8 Search vendor "Oracle" for product "Zfs Storage Appliance Kit" and version "8.8" | - |
Affected
| ||||||