Bug 1886047 (CVE-2020-26575)

Summary: CVE-2020-26575 wireshark: FBZERO dissector could enter an infinite loop
Product: [Other] Security Response Reporter: Michael Kaplan <mkaplan>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: alekcejk, denis, huzaifas, lemenkov, mruprich, msehnout, peter, rvokal, sergey.avseyev
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-06-29 20:51:18 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1886048, 1886194    
Bug Blocks: 1886050    

Description Michael Kaplan 2020-10-07 14:32:13 UTC 
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.


References:

https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
https://gitlab.com/wireshark/wireshark/-/merge_requests/467
https://gitlab.com/wireshark/wireshark/-/merge_requests/471
https://gitlab.com/wireshark/wireshark/-/merge_requests/472
https://gitlab.com/wireshark/wireshark/-/merge_requests/473
Comment 1 Michael Kaplan 2020-10-07 14:32:42 UTC 
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1886048]
Comment 3 Todd Cullum 2020-10-07 21:06:48 UTC 
Statement:

Wireshark as shipped with Red Hat Enterprise Linux 5, 6, and 7 is not affected by this flaw because the Facebook Zero Dissector was not yet introduced until version 2.4.0rc0.