7.5

CVE-2020-9430

Exploit
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version >= 2.6.0 <= 2.6.14
WiresharkWireshark Version >= 3.0.0 <= 3.0.8
WiresharkWireshark Version >= 3.2.0 <= 3.2.1
FedoraprojectFedora Version30
FedoraprojectFedora Version31
FedoraprojectFedora Version32
OpensuseLeap Version15.1
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.81% 0.847
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZBICEY2HGSNQ3RPBLMDDYVAHGOGS4E2/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDVMBCADP73TBISYCS6ARKOSNNJOGXXZ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2GMGLT5XND7U34WX3O23WKUZ7JHMVN/
https://security.gentoo.org/glsa/202007-13
Third Party Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
Vendor Advisory
Exploit
Issue Tracking
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383
Vendor Advisory
Exploit
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6b98dc63701b1da1cc7681cb383dabb0b7007d73
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=93d6b03a67953b82880cdbdcf0d30e2a3246d790
https://www.wireshark.org/security/wnpa-sec-2020-04.html
Vendor Advisory