Main Vulnerability Database Vulnerabilities #VU49035

Memory leak in Wireshark - CVE-2020-26420

Published: December 16, 2020 / Updated: December 19, 2020

Vulnerability identifier: #VU49035

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-26420

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Wireshark.org

Affected software:
Wireshark

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.

How to mitigate CVE-2020-26420

Install update from vendor's website.

Sources

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json
https://gitlab.com/wireshark/wireshark/-/issues/16994
https://www.wireshark.org/security/wnpa-sec-2020-18.html

Memory leak in Wireshark - CVE-2020-26420

Detailed vulnerability description

How to mitigate CVE-2020-26420

Sources

Please verify you're human