Vulnerability CVE-2020-25866

Vulnerability Name:

CVE-2020-25866 (CCN-188794)

Assigned:

2020-09-23

Published:

2020-09-23

Updated:

2022-10-07

Summary:

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

3.3 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
2.9 Low (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

1.7 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:N/I:N/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): Partial

Vulnerability Type:

CWE-476

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-25866

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1878

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1882

Source: XF
Type: UNKNOWN
wireshark-cve202025866-dos(188794)

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/commit/4a948427100b6c109f4ec7b4361f0d2aec5e5c3f

Source: MISC
Type: Exploit, Issue Tracking, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/issues/16866

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-1bf4b97c16

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-1b390bec14

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-9bda6ae1cd

Source: MISC
Type: Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CCN
Type: Wireshark advisory wnpa-sec-2020-13
BLIP dissector crash

Source: MISC
Type: Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2020-13.html

Vulnerable Configuration:

Configuration 1:

cpe:/a:wireshark:wireshark:*:*:*:*:*:*:*:* (Version >= 3.0.0 and <= 3.0.13)

OR cpe:/a:wireshark:wireshark:*:*:*:*:*:*:*:* (Version >= 3.2.0 and <= 3.2.6)

Configuration 2:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:opensuse:leap:15.1:*:*:*:*:*:*:*

OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 4:

cpe:/a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:wireshark:wireshark:3.2.6:*:*:*:*:*:*:*

OR cpe:/a:wireshark:wireshark:3.0.13:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202025866	V	CVE-2020-25866	2023-06-22
oval:org.opensuse.security:def:7983	P	wireshark-devel-3.6.13-150000.3.89.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7698	P	libwireshark15-3.6.13-150000.3.89.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3106	P	ibus-chewing-1.4.14-4.11 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3360	P	rzsz-0.12.21~rc-1001.3.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2864	P	apr-util-devel-1.6.1-18.2.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94747	P	libzstd-devel-1.5.0-150400.1.71 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94736	P	libwireshark15-3.6.2-3.71.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2917	P	expat-2.4.4-150400.2.24 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2907	P	dhcp-4.3.6.P1-6.11.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94990	P	wireshark-devel-3.6.2-3.71.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:226	P	libwireshark13-3.2.8-3.44.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:1155	P	Security update for go1.16 (Important)	2022-04-12
oval:org.opensuse.security:def:94436	P	(Important)	2022-03-30
oval:org.opensuse.security:def:1748	P	Security update for the Linux Kernel (Important)	2022-01-19
oval:org.opensuse.security:def:112915	P	libwireshark14-3.4.8-1.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:73754	P	Security update for python-Babel (Important)	2021-12-06
oval:org.opensuse.security:def:64804	P	Security update for ruby2.5 (Important)	2021-12-01
oval:org.opensuse.security:def:49301	P	Security update for python-Pygments (Important)	2021-11-29
oval:org.opensuse.security:def:68582	P	Security update for postgresql12 (Important)	2021-11-22
oval:org.opensuse.security:def:68309	P	Security update for the Linux Kernel (Important)	2021-11-19
oval:org.opensuse.security:def:49456	P	Security update for php72 (Moderate)	2021-11-19
oval:org.opensuse.security:def:70314	P	Security update for samba (Important)	2021-11-19
oval:org.opensuse.security:def:66971	P	Security update for binutils (Moderate)	2021-11-04
oval:org.opensuse.security:def:74672	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:106372	P	libwireshark14-3.4.8-1.2 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:63217	P	libsaml-devel-2.6.1-1.31 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:96592	P	jq-1.5-1.27 on GA media (Moderate)	2021-09-21
oval:org.opensuse.security:def:70480	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:73694	P	Security update for xerces-c (Important)	2021-09-06
oval:org.opensuse.security:def:49448	P	Security update for nodejs10 (Moderate)	2021-08-24
oval:org.opensuse.security:def:64560	P	Security update for krb5 (Important)	2021-08-20
oval:org.opensuse.security:def:65235	P	Security update for MozillaFirefox (Important)	2021-08-19
oval:org.opensuse.security:def:2262	P	libtcmu2-1.5.2-3.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63419	P	binutils-gold-2.32-7.8.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2228	P	apache2-mod_jk-1.2.43-6.3.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2238	P	freeradius-server-3.0.21-3.6.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2231	P	bind-9.16.6-20.39 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2269	P	nginx-1.19.8-1.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2257	P	librelp-devel-1.2.15-1.15 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2267	P	libxmltooling-devel-3.1.0-1.26 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:2412	P	libxslt1-32bit-1.1.32-3.8.24 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:101149	P	fontforge-20200314-3.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71762	P	apache-commons-httpclient-3.1-11.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62244	P	libwireshark13-3.2.8-3.44.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71819	P	gc-devel-7.6.4-1.16 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1903	P	blktrace-1.1.0+git.20170126-3.3.28 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1909	P	cpp10-10.2.1+git583-1.3.4 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1925	P	guile-2.0.14-5.3.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71935	P	libpcap-devel-1.9.1-1.33 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62837	P	wireshark-devel-3.2.8-3.44.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1919	P	glibc-devel-32bit-2.31-7.20 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1924	P	groovy-lib-2.4.21-3.3.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71985	P	libwireshark13-3.2.8-3.44.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101243	P	wireshark-devel-3.2.8-3.44.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1921	P	go1.16-1.16.3-1.11.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1908	P	cargo-1.43.1-12.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72556	P	wireshark-devel-3.2.8-3.44.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1912	P	ctags-5.8-1.27 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:1774	P	Security update for bluez (Moderate)	2021-07-22
oval:org.opensuse.security:def:101460	P	Security update for wireshark (Important)	2021-06-22
oval:org.opensuse.security:def:70419	P	Security update for containerd, docker, runc (Important)	2021-06-11
oval:org.opensuse.security:def:48620	P	ruby-2.1-1.4 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48844	P	java-1_7_0-openjdk-plugin-1.6.2-2.8.3 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48749	P	libvdpau1-32bit-0.8-3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48752	P	libzmq3-4.0.4-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:63557	P	libwpd-0_10-10-0.10.2-1.28 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:48886	P	telepathy-gabble-0.18.3-5.7 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:67124	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:73636	P	Security update for ceph (Important)	2021-06-02
oval:org.opensuse.security:def:64697	P	Security update for python-httplib2 (Moderate)	2021-05-31
oval:org.opensuse.security:def:64696	P	Security update for postgresql13 (Moderate)	2021-05-27
oval:org.opensuse.security:def:73815	P	Security update for hivex (Moderate)	2021-05-26
oval:org.opensuse.security:def:64494	P	Security update for shim (Important)	2021-05-11
oval:org.opensuse.security:def:70372	P	Security update for MozillaFirefox (Important)	2021-04-01
oval:org.opensuse.security:def:67063	P	Security update for glib2 (Important)	2021-03-12
oval:org.opensuse.security:def:67029	P	Security update for php7 (Important)	2021-02-17
oval:org.opensuse.security:def:64606	P	Security update for python (Important)	2021-02-09
oval:org.opensuse.security:def:64452	P	Security update for xen (Moderate)	2020-12-22
oval:org.opensuse.security:def:2179	P	krb5-plugin-kdb-ldap-1.16.3-3.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2187	P	libmariadb-devel-3.1.8-3.18.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48979	P	cyrus-sasl-digestmd5-32bit-2.1.26-8.7.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2170	P	dovecot23-2.3.10-15.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2181	P	libcacard-devel-2.5.3-1.27 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2216	P	squid-4.11-5.17.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:49016	P	libmikmod3-3.2.0-4.59 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2204	P	postgresql-contrib-12-2.2 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:48992	P	gstreamer-0_10-plugins-bad-0.10.23-25.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2214	P	skopeo-0.1.41-4.11.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2218	P	sysstat-isag-12.0.2-3.21.18 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:71649	P	libwscodecs1-2.4.16-3.31.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2209	P	rarpd-s20161105-6.10 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2567	P	Security update for wireshark (Moderate)	2020-12-02
oval:org.opensuse.security:def:2563	P	Security update for the Linux Kernel (Important)	2020-12-02
oval:org.opensuse.security:def:49290	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:2854	P	Security update for libqt5-qtbase (Important)	2020-12-02
oval:org.opensuse.security:def:64002	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49725	P	ant on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50014	P	libshibsp-lite7 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50849	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64244	P	ecryptfs-utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65076	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49845	P	libtidy-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50795	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:65062	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:49157	P	libXxf86vm-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49519	P	gnome-settings-daemon on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49351	P	vim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49888	P	java-1_8_0-openjdk on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49405	P	gdk-pixbuf-query-loaders-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49567	P	libopenjpeg1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64975	P	Security update for ucode-intel (Moderate)	2020-12-01
oval:org.opensuse.security:def:63783	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:49352	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:68409	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:49778	P	crash on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:74546	P	Security update for balsa (Moderate)	2020-12-01
oval:org.opensuse.security:def:51003	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64964	P	Security update for jasper (Low)	2020-12-01
oval:org.opensuse.security:def:50946	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:49206	P	libopenssl-1_1-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49670	P	libimobiledevice-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63855	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49636	P	gstreamer-plugins-base-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49941	P	cyrus-sasl-sqlauxprop on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49857	P	perl-Mail-SpamAssassin-Plugin-iXhash2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:65145	P	Security update for containerd, docker, docker-runc, golang-github-docker-libnetwork (Moderate)	2020-12-01
oval:org.opensuse.security:def:64231	P	cracklib on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49502	P	avahi-autoipd on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75018	P	Security update for opera (Moderate)	2020-12-01
oval:org.opensuse.security:def:51299	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:68479	P	Security update for podman, slirp4netns and libcontainers-common (Moderate)	2020-12-01
oval:org.opensuse.security:def:63652	P	Security update for bluez (Moderate)	2020-12-01
oval:org.opensuse.security:def:64906	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:51237	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:49251	P	libunwind on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49437	P	libgnomesu on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49961	P	libspice-server-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49689	P	libpotrace0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:75151	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:64110	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:49910	P	python3-keystoneclient on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49792	P	ncurses-devel-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64350	P	libmpfr6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51352	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:49064	P	cairo-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49598	P	rtkit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49130	P	ldb-tools on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49417	P	libICE6-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51290	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:110846	P	Security update for wireshark (Moderate)	2020-11-09
oval:org.opensuse.security:def:110296	P	Security update for wireshark (Moderate)	2020-11-08
oval:org.opensuse.security:def:104238	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:117330	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:107815	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:117640	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:90387	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:108126	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:97548	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:104042	P	Security update for wireshark (Moderate)	2020-11-05
oval:org.opensuse.security:def:90583	P	Security update for wireshark (Moderate)	2020-11-05

BACK