SB2020040946 - Stack-based buffer overflow in wireshark (Alpine package)

Description

This security bulletin contains information about 1 vulnerability.

1) Stack-based buffer overflow (CVE-ID: CVE-2020-11647)

CWE-ID: CWE-121 - Stack-based buffer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing data in BACapp dissector. A remote attacker can send specially crafted data via the network, trigger stack-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=704ace2837ed45f76ac8d7344b9d8141b178e114
• https://git.alpinelinux.org/aports/commit/?id=220faeaa22d941085211d64ec55cc1fa6adb9b47