CVE-2020-26419Missing Release of Memory after Effective Lifetime in Wireshark Foundation Wireshark

CWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
5.3MEDIUMNVD
CNA3.1
EPSS
0.4%
top 37.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WiresharkTHE Wireshark Foundation WiresharkFedoraproject Fedora+1 more
Timeline
PublishedDec 11
Latest updateMay 24

Description

Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service via packet injection or crafted capture file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

Debianwireshark/wireshark< 3.4.1-1+3

Also affects: Fedora 32, 33

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-mhq7-m27c-9qjm: Memory leak in the dissection engine in Wireshark 32022-05-24
CVEList
CVE-2020-26419: Memory leak in the dissection engine in Wireshark 32020-12-11
OSV
CVE-2020-26419: Memory leak in the dissection engine in Wireshark 32020-12-11

📋Vendor Advisories

2
Red Hat
wireshark: multiple dissector memory leaks (wnpa-sec-2020-19)2020-12-09
Debian
CVE-2020-26419: wireshark - Memory leak in the dissection engine in Wireshark 3.4.0 allows denial of service...2020
CVE-2020-26419 — MEDIUM severity | cvebase