Bug 1919917 (CVE-2020-26419)

Summary: CVE-2020-26419 wireshark: multiple dissector memory leaks (wnpa-sec-2020-19)
Product: [Other] Security Response Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: alekcejk, denis, huzaifas, lemenkov, mruprich, msehnout, peter, rvokal, sergey.avseyev
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: wireshark 3.4.1 Doc Type: If docs needed, set a value
Doc Text:
A memory leak was discovered in Wireshark while decoding packets captured in a pcap file or coming from the network. Multiple packet dissectors are potentially affected by this issue. A remote attacker may abuse this flaw by sending specially crafted packets that, when processed, would make Wireshark consume excessive CPU resources resulting in a denial of service. The highest threat from this vulnerability is to system availability.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2021-02-01 20:41:43 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1919918    
Bug Blocks: 1919925    

Description Dhananjay Arunesh 2021-01-25 11:55:41 UTC 
Multiple dissector memory leaks fixed in 3.4.1.

References:
https://www.wireshark.org/security/wnpa-sec-2020-19
https://gitlab.com/wireshark/wireshark/-/issues/17032
https://www.wireshark.org/lists/wireshark-announce/202012/msg00001.html
Comment 1 Dhananjay Arunesh 2021-01-25 11:57:17 UTC 
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1919918]
Comment 2 Mauro Matteo Cascella 2021-02-01 17:33:18 UTC 
Upstream fix:
https://gitlab.com/wireshark/wireshark/-/commit/a9fc769d7bb4b491efb61c699d57c9f35269d871
Comment 3 Mauro Matteo Cascella 2021-02-01 17:33:21 UTC 
External References:

https://www.wireshark.org/security/wnpa-sec-2020-19
Comment 4 Mauro Matteo Cascella 2021-02-01 17:59:46 UTC 
Statement:

This issue does not affect the versions of `wireshark` as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced in a newer version of the package.
Comment 5 Product Security DevOps Team 2021-02-01 20:41:43 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-26419
Comment 6 Mauro Matteo Cascella 2021-02-03 13:48:33 UTC 
In reply to comment #4:
> This issue does not affect the versions of `wireshark` as shipped with Red
> Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced
> in a newer version of the package.

Specifically, it looks like the vulnerable code in _proto_tree_add_bits_ret_val() was introduced in version 3.4.0 via the following commit:
https://gitlab.com/wireshark/wireshark/-/commit/0ceb46e1c2

RHEL-8 ships an older version of wireshark (2.6) which is not affected by this flaw.