Vulnerability Name:

CVE-2020-26575 (CCN-189454)

Assigned: 2020-10-02
Published: 2020-10-02
Updated: 2021-02-11
Summary: In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

CVSS v3 Severity:
7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
  • Attack Vector (AV): Network
  • Attack Complexity (AC): Low
  • Privileges Required (PR): None
  • User Interaction (UI): None
Scope:
  • Scope (S): Unchanged
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Low

CVSS v2 Severity:
5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
Exploitability Metrics:
  • Access Vector (AV): Network
  • Access Complexity (AC): Low
  • Authentication (Au): None
Impact Metrics:
  • Confidentiality (C): None
  • Integrity (I): None
  • Availability (A): Partial

Vulnerability Type: CWE-835
Vulnerability Consequences: Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2020-26575

Source: XF
Type: UNKNOWN
wireshark-cve202026575-dos(189454)

Source: CCN
Type: Wireshark GIT Repository
FBZERO: Make sure our offset advances

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab

Source: MISC
Type: Broken Link
https://gitlab.com/wireshark/wireshark/-/issues/16887

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/467

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/471

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/472

Source: MISC
Type: Patch, Third Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/473

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210206 [SECURITY] [DLA 2547-1] wireshark security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-4cff262f07

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-d4344dd12f

Source: GENTOO
Type: Third Party Advisory
GLSA-202011-08

Source: MISC
Type: Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Source: CONFIRM
Type: Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2020-14.html

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:wireshark:wireshark:*:*:*:*:*:*:*:* (Version <= 3.2.7)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4:
  • cpe:/o:oracle:zfs_storage_appliance_firmware:8.8:*:*:*:*:*:*:*
  • AND
  • cpe:/h:oracle:zfs_storage_appliance:-:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:202026575 | V | CVE-2020-26575 | 2023-06-22
oval:org.opensuse.security:def:7698 | P | libwireshark15-3.6.13-150000.3.89.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:7983 | P | wireshark-devel-3.6.13-150000.3.89.1 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:3360 | P | rzsz-0.12.21~rc-1001.3.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3106 | P | ibus-chewing-1.4.14-4.11 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:2858 | P | aide-0.16-24.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:2923 | P | fribidi-1.0.10-150400.1.7 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:2913 | P | ecryptfs-utils-111-2.31 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94736 | P | libwireshark15-3.6.2-3.71.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94990 | P | wireshark-devel-3.6.2-3.71.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:2868 | P | audit-devel-3.0.6-150400.2.13 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94753 | P | mailx-12.5-3.3.1 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:226 | P | libwireshark13-3.2.8-3.44.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:94446 | P | (Important) | 2022-05-16
oval:org.opensuse.security:def:1155 | P | Security update for go1.16 (Important) | 2022-04-12
oval:org.opensuse.security:def:1748 | P | Security update for the Linux Kernel (Important) | 2022-01-19
oval:org.opensuse.security:def:112915 | P | libwireshark14-3.4.8-1.2 on GA media (Moderate) | 2022-01-17
oval:org.opensuse.security:def:73764 | P | Security update for permissions (Moderate) | 2021-12-28
oval:org.opensuse.security:def:49303 | P | Security update for python-Babel (Important) | 2021-12-22
oval:org.opensuse.security:def:68322 | P | Security update for the Linux Kernel (Live Patch 8 for SLE 15 SP2) (Important) | 2021-12-14
oval:org.opensuse.security:def:70324 | P | Security update for mariadb (Moderate) | 2021-12-06
oval:org.opensuse.security:def:68586 | P | Security update for speex (Moderate) | 2021-12-01
oval:org.opensuse.security:def:66981 | P | Security update for the Linux Kernel (Important) | 2021-11-19
oval:org.opensuse.security:def:1787 | P | Security update for the Linux Kernel (Important) | 2021-11-11
oval:org.opensuse.security:def:70486 | P | Security update for curl (Moderate) | 2021-10-06
oval:org.opensuse.security:def:106372 | P | libwireshark14-3.4.8-1.2 on GA media (Moderate) | 2021-10-01
oval:org.opensuse.security:def:73700 | P | Security update for hivex (Moderate) | 2021-09-23
oval:org.opensuse.security:def:96642 | P | libidn2-0-2.0.4-1.23 on GA media (Moderate) | 2021-09-21
oval:org.opensuse.security:def:65239 | P | Security update for ffmpeg (Important) | 2021-09-02
oval:org.opensuse.security:def:2273 | P | ovmf-202008-8.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2268 | P | memcached-1.5.6-4.5.30 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2425 | P | python2-opencv-3.3.1-6.6.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2275 | P | python3-Twisted-19.10.0-3.2.6 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:2263 | P | libtpms-devel-0.8.2-1.1 on GA media (Moderate) | 2021-08-10
oval:org.opensuse.security:def:1935 | P | log4j12-javadoc-1.2.17-2.26 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:72556 | P | wireshark-devel-3.2.8-3.44.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101243 | P | wireshark-devel-3.2.8-3.44.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1929 | P | jython-2.2.1-11.65 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71775 | P | bind-devel-9.16.6-20.39 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62244 | P | libwireshark13-3.2.8-3.44.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1934 | P | libtidy-devel-5.4.0-3.2.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:1931 | P | libgit2-28-0.28.4-1.28 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71823 | P | ghostscript-9.52-3.32.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101159 | P | gnome-shell-3.34.5-8.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71939 | P | libpng12-0-1.2.57-2.18 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:62837 | P | wireshark-devel-3.2.8-3.44.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71985 | P | libwireshark13-3.2.8-3.44.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:49447 | P | Security update for php72 (Important) | 2021-08-06
oval:org.opensuse.security:def:74719 | P | Security update for jdom2 (Important) | 2021-07-12
oval:org.opensuse.security:def:101466 | P | Security update for the Linux Kernel (Important) | 2021-06-28
oval:org.opensuse.security:def:70429 | P | Security update for wireshark (Important) | 2021-06-22
oval:org.opensuse.security:def:73646 | P | Security update for ucode-intel (Important) | 2021-06-10
oval:org.opensuse.security:def:67130 | P | Security update for snakeyaml (Important) | 2021-06-07
oval:org.opensuse.security:def:73821 | P | Security update for lz4 (Important) | 2021-06-01
oval:org.opensuse.security:def:70378 | P | Security update for open-iscsi (Important) | 2021-04-13
oval:org.opensuse.security:def:67073 | P | Security update for gnutls (Important) | 2021-03-24
oval:org.opensuse.security:def:49461 | P | Security update for nodejs12 (Important) | 2021-02-26
oval:org.opensuse.security:def:67035 | P | Security update for webkit2gtk3 (Important) | 2021-02-22
oval:org.opensuse.security:def:71662 | P | log4j12-1.2.17-2.26 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2220 | P | virt-install-2.2.1-8.38 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2208 | P | qemu-audio-oss-3.1.1.1-9.21.4 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2218 | P | sysstat-isag-12.0.2-3.21.18 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2213 | P | sblim-sfcb-1.4.9-3.7 on GA media (Moderate) | 2020-12-03
oval:org.opensuse.security:def:2577 | P | Security update for wireshark (Moderate) | 2020-12-02
oval:org.opensuse.security:def:2573 | P | Security update for kernel-firmware (Important) | 2020-12-02
oval:org.opensuse.security:def:49796 | P | osc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65149 | P | Security update for ffmpeg (Low) | 2020-12-01
oval:org.opensuse.security:def:49729 | P | bsh2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49640 | P | hplip on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75057 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51303 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49861 | P | perl-doc on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68483 | P | Security update for runc (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51241 | P | Security update for libopenmpt (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49680 | P | libmp3lame-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49892 | P | openldap2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:75190 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49851 | P | openldap2-devel-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49784 | P | glibc-devel-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49695 | P | libsrt1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51358 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49916 | P | python-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49365 | P | yast2-security on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51296 | P | Security update for python (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49219 | P | libpoppler-cpp0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49965 | P | libwsman-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50862 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49947 | P | gnuplot on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49430 | P | libcairo2-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50808 | P | Security update for libX11 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65075 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49512 | P | firewall-applet on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:64988 | P | Security update for permissions (Moderate) | 2020-12-01
oval:org.opensuse.security:def:68422 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49361 | P | xorg-x11-server on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50020 | P | libxmltooling-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:51013 | P | Security update for wireshark (Moderate) | 2020-12-01
oval:org.opensuse.security:def:65115 | P | Security update for icu (Important) | 2020-12-01
oval:org.opensuse.security:def:49577 | P | libsoup-devel on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:50956 | P | Security update for grub2 (Important) | 2020-12-01
oval:org.opensuse.security:def:49532 | P | libSDL2-2_0-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:49608 | P | MozillaFirefox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:110343 | P | Security update for wireshark (Moderate) | 2020-11-29
oval:org.opensuse.security:def:110885 | P | Security update for wireshark (Moderate) | 2020-11-27
oval:org.opensuse.security:def:117340 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:90400 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:108132 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:97365 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:104055 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:117646 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:90587 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:97552 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:104242 | P | Security update for wireshark (Moderate) | 2020-11-19
oval:org.opensuse.security:def:107825 | P | Security update for wireshark (Moderate) | 2020-11-19
    wireshark wireshark *
    fedoraproject fedora 32
    fedoraproject fedora 33
    debian debian linux 9.0
    oracle zfs storage appliance firmware 8.8
    oracle zfs storage appliance -