Out-of-bounds read in Wireshark - CVE-2020-26421

 


Published: December 16, 2020 / Updated: December 19, 2020


Vulnerability identifier: #VU49036
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-26421
CWE-ID: CWE-125
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Wireshark.org
Affected software: Wireshark

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to cause a denial of service.

A crash in the USB HID protocol dissector, and possibly other dissectors, in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or a crafted capture file.


How to mitigate CVE-2020-26421

Install the update from the vendor's website.
