CVE-2020-25866
- Source
- https://cve.org/CVERecord?id=CVE-2020-25866
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25866.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-25866
- Downstream
- Related
- Published
- 2020-10-06T15:15:15.413Z
- Modified
- 2026-03-10T23:15:45.273109Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUHMK5HYTUUDXA64T2TAMAFMYV674QBW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGRYKW4XLR44YDWTAH547ODYYBYPB2D/
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html
- https://www.wireshark.org/security/wnpa-sec-2020-13.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html
- https://gitlab.com/wireshark/wireshark/-/issues/16866
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://gitlab.com/wireshark/wireshark/-/commit/4a948427100b6c109f4ec7b4361f0d2aec5e5c3f
Affected packages
Git / github.com/wireshark/wireshark
Affected ranges
- Type
- GIT
- Repo
- https://github.com/wireshark/wireshark
- Events
-
IntroducedLast affectedIntroducedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "3.0.0" }, { "last_affected": "3.0.13" }, { "introduced": "3.2.0" }, { "last_affected": "3.2.6" }, { "introduced": "0" }, { "last_affected": "32" } ] }
- Type
- Repo
- https://gitlab.com/wireshark/wireshark
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4a948427100b6c109f4ec7b4361f0d2aec5e5c3f
Affected versions
v3.*
v3.0.0
v3.0.1
v3.0.10
v3.0.10rc0
v3.0.11
v3.0.11rc0
v3.0.12
v3.0.12rc0
v3.0.13
v3.0.13rc0
v3.0.1rc0
v3.0.2
v3.0.2rc0
v3.0.3
v3.0.3rc0
v3.0.4
v3.0.4rc0
v3.0.5
v3.0.5rc0
v3.0.6
v3.0.6rc0
v3.0.7
v3.0.7rc0
v3.0.8
v3.0.8rc0
v3.0.9
v3.0.9rc0
v3.2.0
v3.2.1
v3.2.1rc0
v3.2.2
v3.2.2rc0
v3.2.3
v3.2.3rc0
v3.2.4
v3.2.4rc0
v3.2.5
v3.2.5rc0
v3.2.6
v3.2.6rc0
wireshark-3.*
wireshark-3.0.0
wireshark-3.0.1
wireshark-3.0.10
wireshark-3.0.11
wireshark-3.0.12
wireshark-3.0.13
wireshark-3.0.2
wireshark-3.0.3
wireshark-3.0.4
wireshark-3.0.5
wireshark-3.0.6
wireshark-3.0.7
wireshark-3.0.8
wireshark-3.0.9
wireshark-3.2.0
wireshark-3.2.1
wireshark-3.2.2
wireshark-3.2.3
wireshark-3.2.4
wireshark-3.2.5
wireshark-3.2.6
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "33"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-25866.json"