CVE-2020-26422Classic Buffer Overflow in Wireshark Foundation Wireshark

CWE-120Classic Buffer OverflowCWE-125Out-of-bounds Read6 documents6 sources
Severity
5.3MEDIUMNVD
CNA3.7
EPSS
0.3%
top 46.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
THE Wireshark Foundation WiresharkOracle ZFS Storage Appliance KITWireshark
Timeline
PublishedDec 21
Latest updateMay 24

Description

Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

NVDwireshark/wireshark3.4.0, 3.4.1+1
CVEListV5the_wireshark_foundation/wireshark>=3.4.0, <3.4.2

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

3
GHSA
GHSA-f986-fpv9-3cm7: Buffer overflow in QUIC dissector in Wireshark 32022-05-24
CVEList
CVE-2020-26422: Buffer overflow in QUIC dissector in Wireshark 32020-12-21
OSV
CVE-2020-26422: Buffer overflow in QUIC dissector in Wireshark 32020-12-21

📋Vendor Advisories

2
Red Hat
wireshark: QUIC dissector crash (wnpa-sec-2020-20)2020-12-18
Debian
CVE-2020-26422: wireshark - Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of s...2020
CVE-2020-26422 — Classic Buffer Overflow | cvebase