ArchLinux: 202007-2: wireshark-cli: denial of service

    Date 31 Jul 2020
    95
    Posted By LinuxSecurity Advisories
    The package wireshark-cli before version 3.2.5-1 is vulnerable to denial of service.
    Arch Linux Security Advisory ASA-202007-2
    =========================================
    
    Severity: Low
    Date    : 2020-07-18
    CVE-ID  : CVE-2020-15466
    Package : wireshark-cli
    Type    : denial of service
    Remote  : Yes
    Link    : https://security.archlinux.org/AVG-1198
    
    Summary
    =======
    
    The package wireshark-cli before version 3.2.5-1 is vulnerable to
    denial of service.
    
    Resolution
    ==========
    
    Upgrade to 3.2.5-1.
    
    # pacman -Syu "wireshark-cli>=3.2.5-1"
    
    The problem has been fixed upstream in version 3.2.5.
    
    Workaround
    ==========
    
    None.
    
    Description
    ===========
    
    An infinite loop has been found in the GVCP dissector of Wireshark
    before 3.2.5. It may be possible to make Wireshark consume excessive
    CPU resources by injecting a malformed packet onto the wire or by
    convincing someone to read a malformed packet trace file.
    
    Impact
    ======
    
    A remote attacker is able use specially crafted packets to perform a
    denial of service attack.
    
    References
    ==========
    
    https://www.wireshark.org/security/wnpa-sec-2020-09
    https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
    https://code.wireshark.org/review/#/c/37618/
    https://security.archlinux.org/CVE-2020-15466
    

    LinuxSecurity Poll

    Are you planning to use the 1Password password manager now that it is available to Linux users?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/35-are-you-planning-to-use-the-1password-password-manager-now-that-it-is-available-to-linux-users?task=poll.vote&format=json
    35
    radio
    [{"id":"122","title":"Yes","votes":"1","type":"x","order":"1","pct":20,"resources":[]},{"id":"123","title":"No ","votes":"3","type":"x","order":"2","pct":60,"resources":[]},{"id":"124","title":"Not sure at the moment","votes":"1","type":"x","order":"3","pct":20,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200

    Advisories

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.