CVE-2020-17498
published 2020-08-13CVE-2020-17498: In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during…
medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wireshark | < wireshark 3.2.6-1 (bookworm) | wireshark 3.2.6-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| oracle | zfs_storage_appliance_kit | — | — |
| wireshark | wireshark | >= 0 < 3.2.6-1 | 3.2.6-1 |
| wireshark | wireshark | >= 0 < 3.2.6-1 | 3.2.6-1 |
| wireshark | wireshark | >= 0 < 3.2.6-1 | 3.2.6-1 |
| wireshark | wireshark | >= 0 < 3.2.6-1 | 3.2.6-1 |
| wireshark | wireshark | >= 0 < 2.6.10-1~ubuntu14.04.0~esm2 | 2.6.10-1~ubuntu14.04.0~esm2 |
| wireshark | wireshark | >= 0 < 2.6.10-1~ubuntu16.04.0+esm1 | 2.6.10-1~ubuntu16.04.0+esm1 |
| wireshark | wireshark | >= 0 < 2.6.10-1~ubuntu18.04.0+esm1 | 2.6.10-1~ubuntu18.04.0+esm1 |
| wireshark | wireshark | >= 0 < 3.2.3-1ubuntu0.1~esm1 | 3.2.3-1ubuntu0.1~esm1 |
| wireshark | wireshark | >= 3.2.0 < 3.2.6 | 3.2.6 |
CVSS provenance
nvdv3.16.5MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
osv7.5HIGH