Main Vulnerability Database Vulnerabilities #VU49035

#VU49035 Memory leak in Wireshark - CVE-2020-26420

Published: December 16, 2020 / Updated: December 19, 2020

Vulnerability identifier: #VU49035

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-26420

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Wireshark

Software vendor:
Wireshark.org

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. A remote attacker can perform a denial of service attack.

Remediation

Install update from vendor's website.

External links

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26420.json
https://gitlab.com/wireshark/wireshark/-/issues/16994
https://www.wireshark.org/security/wnpa-sec-2020-18.html