CVE-2020-25866

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 06-10-2020 05:15

Last modified: - 07-10-2022 05:19

Total changes: - 4

Description

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

Reference

https://gitlab.com/wireshark/wireshark/-/issues/16866
https://www.wireshark.org/security/wnpa-sec-2020-13.html
https://gitlab.com/wireshark/wireshark/-/commit/4a948427100b6c109f4ec7b4361f0d2aec5e5c3f
FEDORA-2020-1b390bec14-Mailing List, Third Party Advisory
FEDORA-2020-1bf4b97c16-Mailing List, Third Party Advisory
FEDORA-2020-9bda6ae1cd-Mailing List, Third Party Advisory
openSUSE-SU-2020:1878-Mailing List, Third Party Advisory
openSUSE-SU-2020:1882-Mailing List, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Keywords

CVE-2020-25866

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2020-25866

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures