CVE-2020-9430: Input Validation
First published: Thu Feb 27 2020(Updated: )
In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark Wireshark | >=2.6.0<=2.6.14 | |
| Wireshark Wireshark | >=3.0.0<=3.0.8 | |
| Wireshark Wireshark | >=3.2.0<=3.2.1 | |
| Fedora | =30 | |
| Fedora | =31 | |
| Fedora | =32 | |
| openSUSE | =15.1 | |
| Debian | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790
- https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DZBICEY2HGSNQ3RPBLMDDYVAHGOGS4E2/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDVMBCADP73TBISYCS6ARKOSNNJOGXXZ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2GMGLT5XND7U34WX3O23WKUZ7JHMVN/
- https://security.gentoo.org/glsa/202007-13
- https://www.wireshark.org/security/wnpa-sec-2020-04.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=93d6b03a67953b82880cdbdcf0d30e2a3246d790
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=6b98dc63701b1da1cc7681cb383dabb0b7007d73
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DZBICEY2HGSNQ3RPBLMDDYVAHGOGS4E2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JDVMBCADP73TBISYCS6ARKOSNNJOGXXZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2GMGLT5XND7U34WX3O23WKUZ7JHMVN/
Frequently Asked Questions
What is the severity of CVE-2020-9430?
CVE-2020-9430 has been assigned a medium severity rating due to potential crashes in Wireshark.
How do I fix CVE-2020-9430?
To fix CVE-2020-9430, upgrade Wireshark to version 3.2.2 or later.
Which versions of Wireshark are affected by CVE-2020-9430?
CVE-2020-9430 affects Wireshark versions 2.6.0 to 2.6.14, 3.0.0 to 3.0.8, and 3.2.0 to 3.2.1.
Is CVE-2020-9430 related to WiMax DLMAP dissector functionality?
Yes, CVE-2020-9430 concerns a vulnerability in the WiMax DLMAP dissector that could lead to crashes.
What should I do if I cannot upgrade Wireshark to fix CVE-2020-9430?
If you cannot upgrade, consider disabling the WiMax DLMAP dissector to mitigate the risk associated with CVE-2020-9430.
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/event
- agent/first-publish-date
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/2.6.0
- version/wireshark wireshark/2.6.14
- version/wireshark wireshark/3.0.0
- version/wireshark wireshark/3.0.8
- version/wireshark wireshark/3.2.0
- version/wireshark wireshark/3.2.1
- vendor/fedoraproject
- canonical/fedora
- version/fedora/30
- version/fedora/31
- version/fedora/32
- vendor/opensuse
- canonical/opensuse
- version/opensuse/15.1
- vendor/debian
- canonical/debian
- version/debian/9.0