CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
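The bug class described above, as an added illustration that is neither Wireshark's code nor the GVCP wire format: a length-prefixed record walker on a constructed layout, showing how a declared length of zero stalls a naive loop and how a forward-progress check stops it. The record layout, function names and sample bytes are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed layout (an assumption, not the GVCP format):
 * byte 0 = type, byte 1 = record length in bytes, header included. */
#define REC_HDR_LEN 2
enum { WALK_OK = 0, WALK_TRUNCATED = -1, WALK_NO_PROGRESS = -2 };
/* Constructed samples: two valid records; then one valid record
 * followed by a record that declares length 0. */
static const uint8_t sample_ok[]    = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x02 };
static const uint8_t sample_stuck[] = { 0x01, 0x04, 0xAA, 0xBB, 0x02, 0x00, 0x03, 0x02 };

/* Naive walker: trusts the declared length. max_steps is a budget added
 * here so the stall can be observed without hanging; returns iterations. */
size_t naive_walk_steps(const uint8_t *buf, size_t len, size_t max_steps)
{
    size_t offset = 0, steps = 0;
    while (offset + REC_HDR_LEN <= len && steps < max_steps) {
        offset += buf[offset + 1];  /* length 0 leaves offset unchanged */
        steps++;
    }
    return steps;
}

/* Hardened walker: every iteration must advance offset by at least one
 * header and stay inside the buffer, otherwise parsing stops. */
int walk_records(const uint8_t *buf, size_t len, size_t *count)
{
    size_t offset = 0;
    *count = 0;
    while (offset < len) {
        if (len - offset < REC_HDR_LEN) return WALK_TRUNCATED;
        size_t rec_len = buf[offset + 1];
        if (rec_len < REC_HDR_LEN) return WALK_NO_PROGRESS; /* would not advance past the header */
        if (rec_len > len - offset) return WALK_TRUNCATED;
        offset += rec_len;
        (*count)++;
    }
    return WALK_OK;
}

int main(void)
{
    size_t n = 0;
    int rc = walk_records(sample_stuck, sizeof sample_stuck, &n);
    printf("naive steps=%zu hardened rc=%d records=%zu\n",
           naive_walk_steps(sample_stuck, sizeof sample_stuck, 1000), rc, n);
    return 0;
}
```

On the constructed malformed sample the naive walker exhausts its whole step budget at the same offset, while the hardened walker returns an error after one record.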
Recent assessments:
M4ximuss at July 12, 2020 1:32am UTC reported:
This is a denial of service condition against unpatched Wireshark clients for Windows. From Wireshark website "It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file." In other words, the worst case scenario is you crash Wireshark, and the user simply has to restart the client.
Solution is to upgrade to Wireshark 3.2.5 or later.
Assessed Attacker Value: 1
Assessed Attacker Value: 2
lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html
lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html
bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15466
lists.debian.org/debian-lts-announce/2021/02/msg00008.html
security.gentoo.org/glsa/202007-13
www.wireshark.org/security/wnpa-sec-2020-09.html