Bug 1919917 (CVE-2020-26419) - CVE-2020-26419 wireshark: multiple dissector memory leaks (wnpa-sec-2020-19)
Summary: CVE-2020-26419 wireshark: multiple dissector memory leaks (wnpa-sec-2020-19)
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2020-26419
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1919918
Blocks: 1919925
TreeView+ depends on / blocked
 
Reported: 2021-01-25 11:55 UTC by Dhananjay Arunesh
Modified: 2021-09-28 17:03 UTC (History)
9 users (show)

Fixed In Version: wireshark 3.4.1
Doc Type: If docs needed, set a value
Doc Text:
A memory leak was discovered in Wireshark while decoding packets captured in a pcap file or coming from the network. Multiple packet dissectors are potentially affected by this issue. A remote attacker may abuse this flaw by sending specially crafted packets that, when processed, would make Wireshark consume excessive CPU resources resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed: 2021-02-01 20:41:43 UTC
Embargoed:


Attachments (Terms of Use)

Comment 1 Dhananjay Arunesh 2021-01-25 11:57:17 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1919918]

Comment 3 Mauro Matteo Cascella 2021-02-01 17:33:21 UTC
External References:

https://www.wireshark.org/security/wnpa-sec-2020-19

Comment 4 Mauro Matteo Cascella 2021-02-01 17:59:46 UTC
Statement:

This issue does not affect the versions of `wireshark` as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced in a newer version of the package.

Comment 5 Product Security DevOps Team 2021-02-01 20:41:43 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-26419

Comment 6 Mauro Matteo Cascella 2021-02-03 13:48:33 UTC
In reply to comment #4:
> This issue does not affect the versions of `wireshark` as shipped with Red
> Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced
> in a newer version of the package.

Specifically, it looks like the vulnerable code in _proto_tree_add_bits_ret_val() was introduced in version 3.4.0 via the following commit:
https://gitlab.com/wireshark/wireshark/-/commit/0ceb46e1c2

RHEL-8 ships an older version of wireshark (2.6) which is not affected by this flaw.


Note You need to log in before you can comment on or make changes to this bug.