Arch Linux Security Advisory ASA-202007-2
=========================================

Severity: Low
Date    : 2020-07-18
CVE-ID  : CVE-2020-15466
Package : wireshark-cli
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1198

Summary
=======

The package wireshark-cli before version 3.2.5-1 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 3.2.5-1.

# pacman -Syu "wireshark-cli>=3.2.5-1"

The problem has been fixed upstream in version 3.2.5.

Workaround
==========

None.

Description
===========

An infinite loop has been found in the GVCP dissector of Wireshark
before 3.2.5. It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.

Impact
======

A remote attacker is able to use specially crafted packets to perform a
denial of service attack.

References
==========

https://www.wireshark.org/security/wnpa-sec-2020-09
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
https://security.archlinux.org/CVE-2020-15466
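
Added example (not part of the original advisory or of Arch tooling): a shell check that reads a host inventory and lists the hosts whose wireshark-cli is still older than the fixed 3.2.5-1. The "host package version" inventory format, the host names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Flag hosts whose wireshark-cli predates the fix named in ASA-202007-2.

FIXED="3.2.5-1"   # first fixed package version, taken from the advisory

# ver_lt A B: succeed if version A sorts strictly before version B.
# Uses pacman's vercmp when present; falls back to sort -V elsewhere.
ver_lt() {
    [ "$1" = "$2" ] && return 1
    if command -v vercmp >/dev/null 2>&1; then
        [ "$(vercmp "$1" "$2")" -lt 0 ]
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$1" ]
    fi
}

# affected_hosts: read "host package version" lines on stdin and print
# the hosts that still run a vulnerable wireshark-cli.
affected_hosts() {
    while read -r host pkg ver; do
        [ "$pkg" = "wireshark-cli" ] || continue
        if ver_lt "$ver" "$FIXED"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed sample inventory, as could be gathered per host with
# `pacman -Q wireshark-cli` (host names and versions are made up).
sample_inventory() {
    cat <<'EOF'
build01 wireshark-cli 3.2.4-1
lab02 wireshark-cli 3.2.5-1
soc03 wireshark-cli 3.2.10-1
dev04 wireshark-cli 3.0.7-2
dev04 tcpdump 4.9.3-1
EOF
}

sample_inventory | affected_hosts
```

A plain string comparison would wrongly treat 3.2.10-1 as older than 3.2.5-1, which is why the check uses a version-aware comparison.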