Bug 1886047 (CVE-2020-26575) - CVE-2020-26575 wireshark: FBZERO dissector could enter an infinite loop
Summary: CVE-2020-26575 wireshark: FBZERO dissector could enter an infinite loop
Keywords:
Status: CLOSED WONTFIX
Alias: CVE-2020-26575
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1886048 1886194
Blocks: 1886050
TreeView+ depends on / blocked
 
Reported: 2020-10-07 14:32 UTC by Michael Kaplan
Modified: 2021-06-29 20:51 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-06-29 20:51:18 UTC


Attachments (Terms of Use)

Description Michael Kaplan 2020-10-07 14:32:13 UTC
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.


References:

https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
https://gitlab.com/wireshark/wireshark/-/merge_requests/467
https://gitlab.com/wireshark/wireshark/-/merge_requests/471
https://gitlab.com/wireshark/wireshark/-/merge_requests/472
https://gitlab.com/wireshark/wireshark/-/merge_requests/473

Comment 1 Michael Kaplan 2020-10-07 14:32:42 UTC
Created wireshark tracking bugs for this issue:

Affects: fedora-all [bug 1886048]

Comment 3 Todd Cullum 2020-10-07 21:06:48 UTC
Statement:

Wireshark as shipped with Red Hat Enterprise Linux 5, 6, and 7 is not affected by this flaw because the Facebook Zero Dissector was not yet introduced until version 2.4.0rc0.


Note You need to log in before you can comment on or make changes to this bug.