CVE-2020-13164 — Uncontrolled Recursion in Wireshark

CWE-674 — Uncontrolled Recursion CWE-400 — Uncontrolled Resource Consumption10 documents8 sources

Severity

7.5HIGHNVD

EPSS

1.8%

top 17.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Linux Fedoraproject Fedora +1 more

Timeline

PublishedMay 19

Latest updateJul 31

Description

In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶Debianwireshark/wireshark< 3.2.4-1+3

▶Ubuntuwireshark/wireshark< 2.6.10-1~ubuntu14.04.0~esm2+3

▶NVDwireshark/wireshark2.6.0 — 2.6.16+2

▶NVDopensuse/leap15.1, 15.2+1

Also affects: Debian Linux 9.0, Fedora 31, 32

Patches

Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗

🔴Vulnerability Details

OSV

wireshark vulnerabilities↗2023-07-31

▶

GHSA

GHSA-fmgx-6m2h-qh4r: In Wireshark 3↗2022-05-24

▶

CVEList

CVE-2020-13164: In Wireshark 3↗2020-05-19

▶

OSV

CVE-2020-13164: In Wireshark 3↗2020-05-19

▶

📋Vendor Advisories

Ubuntu

Wireshark vulnerabilities↗2023-07-31

▶

Red Hat

wireshark: NFS dissector crash (wnpa-sec-2020-08)↗2020-04-02

▶

Debian

CVE-2020-13164: wireshark - In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS disse...↗2020

▶

💬Community

Bugzilla

CVE-2020-13164 wireshark: NFS dissector crash (wnpa-sec-2020-08) [fedora-all]↗2020-05-25

▶

Bugzilla

CVE-2020-13164 wireshark: NFS dissector crash (wnpa-sec-2020-08)↗2020-05-25

▶