CVE-2020-26420Missing Release of Memory after Effective Lifetime in Wireshark

CWE-401Missing Release of Memory after Effective Lifetime6 documents6 sources
Severity
5.3MEDIUMNVD
CNA3.1
EPSS
0.4%
top 37.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
WiresharkTHE Wireshark Foundation WiresharkFedoraproject Fedora+1 more
Timeline
PublishedDec 11
Latest updateMay 24

Description

Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages4 packages

Debianwireshark/wireshark< 3.4.1-1+3
NVDwireshark/wireshark3.2.03.2.8+1
CVEListV5the_wireshark_foundation/wireshark3.4.0, >= 3.2.0 to < 3.2.9+1

Also affects: Fedora 32, 33

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-rvp4-jqj8-p5fq: Memory leak in RTPS protocol dissector in Wireshark 32022-05-24
OSV
CVE-2020-26420: Memory leak in RTPS protocol dissector in Wireshark 32020-12-11
CVEList
CVE-2020-26420: Memory leak in RTPS protocol dissector in Wireshark 32020-12-11

📋Vendor Advisories

2
Red Hat
wireshark: RTPS dissector memory leak (wnpa-sec-2020-18)2020-12-09
Debian
CVE-2020-26420: wireshark - Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 all...2020
CVE-2020-26420 — Wireshark vulnerability | cvebase