CVE-2020-26421
Published: 11 December 2020
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
wireshark Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| focal |
Needed
|
|
| groovy |
Ignored
(end of life)
|
|
| hirsute |
Not vulnerable
(3.4.4-1ubuntu1)
|
|
| impish |
Not vulnerable
(3.4.4-1ubuntu1)
|
|
| jammy |
Not vulnerable
(3.4.4-1ubuntu1)
|
|
| kinetic |
Not vulnerable
(3.4.4-1ubuntu1)
|
|
| lunar |
Not vulnerable
(3.4.4-1ubuntu1)
|
|
| mantic |
Not vulnerable
(3.4.4-1ubuntu1)
|
|
| trusty |
Needed
|
|
| upstream |
Released
(3.4.1-1)
|
|
| xenial |
Needed
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 5.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
References
- https://gitlab.com/wireshark/wireshark/-/issues/16958
- https://www.wireshark.org/security/wnpa-sec-2020-17.html
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json
- https://gitlab.com/wireshark/wireshark/-/commit/61f17d3c2112f5a9da40a33417b778bf66a10aee
- https://www.cve.org/CVERecord?id=CVE-2020-26421
- NVD
- Launchpad
- Debian