CVE-2020-9430

Published: Feb 27, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

Affected (8)

Products: Wireshark: Wireshark · Fedoraproject: Fedora · Opensuse: Leap · +1 more

Show all products

Wireshark: Wireshark · Fedoraproject: Fedora · Opensuse: Leap · Debian: Debian Linux

1 product

1 product

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	From 2.6.0 to 2.6.14
Wireshark Wireshark	From 3.0.0 to 3.0.8
Wireshark Wireshark	From 3.2.0 to 3.2.1

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 30
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration D

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6b98dc63701b1da1cc7681cb383dabb0b7007d73

Source: cve@mitre.org

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=93d6b03a67953b82880cdbdcf0d30e2a3246d790

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZBICEY2HGSNQ3RPBLMDDYVAHGOGS4E2/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDVMBCADP73TBISYCS6ARKOSNNJOGXXZ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2GMGLT5XND7U34WX3O23WKUZ7JHMVN/

Source: cve@mitre.org

https://security.gentoo.org/glsa/202007-13

Source: cve@mitre.org

Third Party Advisory

https://www.wireshark.org/security/wnpa-sec-2020-04.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html