CVE-2020-26418 — Missing Release of Memory after Effective Lifetime in Wireshark

Severity

5.3MEDIUMNVD

CNA3.1

EPSS

0.4%

top 38.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedDec 11

Latest updateMay 24

Description

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

▶Debianwireshark/wireshark< 3.4.1-1+3

▶NVDwireshark/wireshark3.2.0 — 3.2.8+1

▶CVEListV5the_wireshark_foundation/wireshark3.4.0, >=3.2.0 to <3.2.9+1

Also affects: Debian Linux 9.0, Fedora 32, 33

GHSA

GHSA-63gq-cvv8-gc2g: Memory leak in Kafka protocol dissector in Wireshark 3↗2022-05-24

▶

OSV

CVE-2020-26418: Memory leak in Kafka protocol dissector in Wireshark 3↗2020-12-11

▶

CVEList

CVE-2020-26418: Memory leak in Kafka protocol dissector in Wireshark 3↗2020-12-11

▶

Red Hat

wireshark: Kafka dissector memory leak (wnpa-sec-2020-16)↗2020-12-09

▶

Debian

CVE-2020-26418: wireshark - Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 al...↗2020

▶