CVE-2020-15466
First published: Sun Jul 05 2020(Updated: )
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark Wireshark | >=3.2.0<=3.2.4 | |
| openSUSE Leap | =15.1 | |
| openSUSE Leap | =15.2 | |
| Debian Debian Linux | =9.0 | |
| ubuntu/wireshark | <3.2.5-1 | 3.2.5-1 |
| ubuntu/wireshark | <3.2.3-1ubuntu0.1~ | 3.2.3-1ubuntu0.1~ |
| debian/wireshark | 2.6.20-0+deb10u4 2.6.20-0+deb10u8 3.4.10-0+deb11u1 4.0.11-1~deb12u1 4.2.2-1 4.2.2-1.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
- https://www.wireshark.org/security/wnpa-sec-2020-09.html
- https://security.gentoo.org/glsa/202007-13
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html
- https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
- https://launchpad.net/bugs/cve/CVE-2020-15466
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=11f40896b696e4e8c7f8b2ad96028404a83a51a4
- https://security-tracker.debian.org/tracker/CVE-2020-15466
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15466
- https://ubuntu.com/security/notices/USN-6262-1
- https://nvd.nist.gov/vuln/detail/CVE-2020-15466
- https://ubuntu.com/security/CVE-2020-15466
Frequently Asked Questions
What is CVE-2020-15466?
CVE-2020-15466 is a vulnerability in Wireshark 3.2.0 to 3.2.4 that could cause the GVCP dissector to go into an infinite loop.
How does the GVCP dissector vulnerability in Wireshark impact me?
The GVCP dissector vulnerability in Wireshark could potentially lead to an infinite loop, which may cause denial of service or crash the application.
How can I fix the Wireshark GVCP dissector vulnerability (CVE-2020-15466)?
To fix the Wireshark GVCP dissector vulnerability, you need to update to version 3.2.5-1 or later on Ubuntu or version 2.6.20-0+deb10u4 or later on Debian.
Where can I find more information about CVE-2020-15466?
You can find more information about CVE-2020-15466 on the official Wireshark bugzilla page, the code review page, and the Wireshark security advisory page.
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/first-publish-date
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- collector/nvd-cve
- source/NVD
- agent/severity
- agent/remedy
- agent/references
- agent/weakness
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/3.2.0
- version/wireshark wireshark/3.2.4
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- version/opensuse leap/15.2
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- package-manager/ubuntu
- package-manager/debian