CVE-2020-7045: NULL Pointer Dereference in Wireshark

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 52.34%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 16 | Latest update May 24

Description

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (3 packages)

Source | Package | Versions
debian | debian/wireshark | < wireshark 3.2.0-1 (bookworm)
NVD | wireshark/wireshark | 3.0.0, 3.0.8
Debian | wireshark/wireshark | < 3.2.0-1+3

Also affects: Debian Linux 9.0

Patches

Vulnerability Details (2)

GHSA | GHSA-hx2c-xvp4-cgw4: In Wireshark 3 | 2022-05-24
OSV | CVE-2020-7045: In Wireshark 3 | 2020-01-16

Vendor Advisories (2)

Red Hat | wireshark: invalid memory access in BT ATT dissector | 2020-01-15
Debian | CVE-2020-7045: wireshark - In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addr... | 2020

Community (1)

Bugzilla | CVE-2020-7045 wireshark: invalid memory access in BT ATT dissector | 2020-02-05