In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes. References: https://www.wireshark.org/security/wnpa-sec-2020-02.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 Upstream commit: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d
The vulnerability is in the dissect_btatt() function. The vulnerability was not present before the following commit, which added support for GATT level fields: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ba3d6fbe668748097ce2dc4b8203a1c80b81be0
Statement: This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.