Vulnerabilities > CVE-2020-15466 - Infinite Loop vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

NVD

Published: 2020-07-05

Updated: 2023-11-07

Summary

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

Vulnerable Configurations

Part	Description	Count
Application	Wireshark Wireshark Wireshark 3.2.0 Wireshark Wireshark 3.2.1 Wireshark Wireshark 3.2.2 Wireshark Wireshark 3.2.3 Wireshark Wireshark 3.2.4	5
OS	Opensuse Opensuse Leap 15.1 Opensuse Leap 15.2	2
OS	Debian Debian Debian Linux 9.0	1

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

References

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
https://www.wireshark.org/security/wnpa-sec-2020-09.html
https://security.gentoo.org/glsa/202007-13
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00038.html
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=11f40896b696e4e8c7f8b2ad96028404a83a51a4