Vulnerabilities > CVE-2020-7045 - NULL Pointer Dereference vulnerability in multiple products

047910
CVSS 6.5 - MEDIUM
Attack vector
ADJACENT_NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
low complexity
wireshark
debian
CWE-476
nessus

Summary

In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyWindows
    NASL idWIRESHARK_3_0_8.NASL
    descriptionThe version of Wireshark installed on the remote Windows host is prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur in the component. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-01-24
    plugin id133212
    published2020-01-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133212
    titleWireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(133212);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14");
    
      script_cve_id("CVE-2020-7045");
    
      script_name(english:"Wireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote Windows host is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Wireshark installed on the remote Windows host is prior to 3.0.8. It is, therefore, 
    affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component 
    due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this 
    issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur 
    in the component. 
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-3.0.8.html");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2020-02");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Wireshark version 3.0.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7045");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("wireshark_installed.nasl");
      script_require_keys("installed_sw/Wireshark", "SMB/Registry/Enumerated");
    
      exit(0);
    }
    
    include('vcf.inc');
    get_kb_item_or_exit('SMB/Registry/Enumerated');
    
    app_info = vcf::get_app_info(app:'Wireshark', win_local:TRUE);
    
    constraints = [
      { 'min_version' : '3.0.0', 'fixed_version' : '3.0.8' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
    
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_WIRESHARK_3_0_8.NASL
    descriptionThe version of Wireshark installed on the remote macOS / Mac OS X host is 3.0.x prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur in the component. Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2020-01-24
    plugin id133211
    published2020-01-24
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133211
    titleWireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability (macOS)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include('compat.inc');
    
    if (description)
    {
      script_id(133211);
      script_version("1.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14");
    
      script_cve_id("CVE-2020-7045");
    
      script_name(english:"Wireshark 3.0.x < 3.0.8  Denial of Service (DoS) Vulnerability (macOS)");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote macOS / Mac OS X host is affected by a vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Wireshark installed on the remote macOS / Mac OS X host is 3.0.x prior to 3.0.8. 
    It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute 
    dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker 
    can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS 
    condition to occur in the component. 
    
    Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
    number.");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-3.0.8.html");
      script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258");
      script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2020-02");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Wireshark version 3.0.8 or later.");
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7045");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("macosx_wireshark_installed.nbin");
      script_require_keys("installed_sw/Wireshark", "Host/MacOSX/Version", "Host/local_checks_enabled");
    
      exit(0);
    }
    
    include('vcf.inc');
    
    app_info = vcf::get_app_info(app:'Wireshark');
    
    constraints = [
      { 'min_version' : '3.0.0', 'fixed_version' : '3.0.8' }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);