Multiple dissector memory leaks fixed in 3.4.1.

References:
https://www.wireshark.org/security/wnpa-sec-2020-19
https://gitlab.com/wireshark/wireshark/-/issues/17032
https://www.wireshark.org/lists/wireshark-announce/202012/msg00001.html

Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1919918]
Upstream fix: https://gitlab.com/wireshark/wireshark/-/commit/a9fc769d7bb4b491efb61c699d57c9f35269d871
External References: https://www.wireshark.org/security/wnpa-sec-2020-19
Statement: This issue does not affect the versions of `wireshark` as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced in a newer version of the package.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-26419
In reply to comment #4:
> This issue does not affect the versions of `wireshark` as shipped with Red
> Hat Enterprise Linux 5, 6, 7, and 8, as the vulnerable code was introduced
> in a newer version of the package.

Specifically, it looks like the vulnerable code in _proto_tree_add_bits_ret_val() was introduced in version 3.4.0 via the following commit:

https://gitlab.com/wireshark/wireshark/-/commit/0ceb46e1c2

RHEL-8 ships an older version of wireshark (2.6) which is not affected by this flaw.