CVE-2020-26575 — HIGH (7.5)

Q: How severe is CVE-2020-26575?

CVE-2020-26575 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-26575?

Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Fedoraproject Fedora, Debian Debian Linux, Oracle Zfs Storage Appliance Firmware, Oracle Zfs Storage Appliance.

Vulnerability Description

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wireshark	Wireshark	<= 3.2.7
Fedoraproject	Fedora	32
Debian	Debian Linux	9.0
Oracle	Zfs Storage Appliance Firmware	8.8
Oracle	Zfs Storage Appliance	-

Related Weaknesses (CWE)

CWE-835

References

https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b869PatchThird Party Advisory
https://gitlab.com/wireshark/wireshark/-/issues/16887Broken Link
https://gitlab.com/wireshark/wireshark/-/merge_requests/467PatchThird Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/471PatchThird Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/472PatchThird Party Advisory
https://gitlab.com/wireshark/wireshark/-/merge_requests/473PatchThird Party Advisory
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://security.gentoo.org/glsa/202011-08Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
https://www.wireshark.org/security/wnpa-sec-2020-14.htmlVendor Advisory
https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b869PatchThird Party Advisory
https://gitlab.com/wireshark/wireshark/-/issues/16887Broken Link
https://gitlab.com/wireshark/wireshark/-/merge_requests/467PatchThird Party Advisory

FAQ

What is CVE-2020-26575?

CVE-2020-26575 is a vulnerability with a CVSS score of 7.5 (HIGH). In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of of...

How severe is CVE-2020-26575?

CVE-2020-26575 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-26575?

Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Fedoraproject Fedora, Debian Debian Linux, Oracle Zfs Storage Appliance Firmware, Oracle Zfs Storage Appliance.