Back to search
CVE-2020-25866
Published: Oct 6, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://www.wireshark.org/security/wnpa-sec-2020-13.html
x_refsource_MISC
https://gitlab.com/wireshark/wireshark/-/issues/16866
x_refsource_MISC
FEDORA-2020-1b390bec14
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-1bf4b97c16
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-9bda6ae1cd
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2020:1878
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2020:1882
vendor-advisory
x_refsource_SUSE
https://www.oracle.com/security-alerts/cpujan2021.html
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now