CVE-2020-17498

In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. This was addressed in epan/dissectors/packet-kafka.c by avoiding a double free during LZ4 decompression.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://github.com/wireshark/wireshark

Events

Introduced

e0ed4cfa3d72110257da54c26ad3a28d282ef454

Fixed

4f9257fb8ccce92b519d87c4cc905107ae09b5e9

Introduced

Last affected

fb2c25aa9c1b4a6f7e5a8c92a5c66503702553ac

Database specific

{
    "versions": [
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "3.2.6"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "32"
        }
    ]
}

Affected versions

Other

backups/ethereal@18706

backups/win32-native@18706

ethereal-0-3-15

start

ethereal-0.*

ethereal-0.3.15

v3.*

v3.2.0

v3.2.1

v3.2.1rc0

v3.2.2

v3.2.2rc0

v3.2.3

v3.2.3rc0

v3.2.4

v3.2.4rc0

v3.2.5

v3.2.5rc0

v3.2.6rc0

wireshark-3.*

wireshark-3.2.0

wireshark-3.2.1

wireshark-3.2.2

wireshark-3.2.3

wireshark-3.2.4

wireshark-3.2.5

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.2"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.8"
            }
        ]
    }
]

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17498.json"