7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.1%
Severity: Low
Date : 2020-07-18
CVE-ID : CVE-2020-15466
Package : wireshark-cli
Type : denial of service
Remote : Yes
Link : https://security.archlinux.org/AVG-1198
The package wireshark-cli before version 3.2.5-1 is vulnerable to
denial of service.
Upgrade to 3.2.5-1.
The problem has been fixed upstream in version 3.2.5.
None.
An infinite loop has been found in the GVCP dissector of Wireshark
before 3.2.5. It may be possible to make Wireshark consume excessive
CPU resources by injecting a malformed packet onto the wire or by
convincing someone to read a malformed packet trace file.
A remote attacker is able use specially crafted packets to perform a
denial of service attack.
https://www.wireshark.org/security/wnpa-sec-2020-09
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
https://code.wireshark.org/review/#/c/37618/
https://security.archlinux.org/CVE-2020-15466
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | wireshark-cli | < 3.2.5-1 | UNKNOWN |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
58.1%