Main Vulnerability Database Vulnerabilities #VU49033

Memory leak in Wireshark - CVE-2020-26418

Published: December 16, 2020 / Updated: December 19, 2020

Vulnerability identifier: #VU49033

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-26418

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Wireshark

Software vendor:
Wireshark.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.

Remediation

Install update from vendor's website.

External links

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json
https://gitlab.com/wireshark/wireshark/-/issues/16739
https://www.wireshark.org/security/wnpa-sec-2020-16.html

Memory leak in Wireshark - CVE-2020-26418

Description

Remediation

External links

Please verify you're human