CVE-2020-25866 - In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dere

CVE-2020-25866

Summary

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.

References

Vulnerable Configurations

cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.5:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 07-10-2022 - 15:19)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

fedora	FEDORA-2020-1b390bec14 FEDORA-2020-1bf4b97c16 FEDORA-2020-9bda6ae1cd
misc	https://gitlab.com/wireshark/wireshark/-/commit/4a948427100b6c109f4ec7b4361f0d2aec5e5c3f https://gitlab.com/wireshark/wireshark/-/issues/16866 https://www.oracle.com/security-alerts/cpujan2021.html https://www.wireshark.org/security/wnpa-sec-2020-13.html
suse	openSUSE-SU-2020:1878 openSUSE-SU-2020:1882

Last major update

07-10-2022 - 15:19

Published

06-10-2020 - 15:15

Last modified

07-10-2022 - 15:19