Main Vulnerability Database Vulnerabilities #VU49033

Memory leak in Wireshark - CVE-2020-26418

Published: December 16, 2020 / Updated: December 19, 2020

Vulnerability identifier: #VU49033

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-26418

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Wireshark.org

Affected software:
Wireshark

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.

How to mitigate CVE-2020-26418

Install update from vendor's website.

Sources

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json
https://gitlab.com/wireshark/wireshark/-/issues/16739
https://www.wireshark.org/security/wnpa-sec-2020-16.html

Memory leak in Wireshark - CVE-2020-26418

Detailed vulnerability description

How to mitigate CVE-2020-26418

Sources

Please verify you're human