Vulnerabilities > CVE-2020-7045 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
ADJACENT_NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
HIGH Summary
In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 9 | |
OS | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Windows NASL id WIRESHARK_3_0_8.NASL description The version of Wireshark installed on the remote Windows host is prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur in the component. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-01-24 plugin id 133212 published 2020-01-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133212 title Wireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133212); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2020-7045"); script_name(english:"Wireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability"); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote Windows host is affected by a vulnerability."); script_set_attribute(attribute:"description", value: "The version of Wireshark installed on the remote Windows host is prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur in the component. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-3.0.8.html"); script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258"); script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2020-02"); script_set_attribute(attribute:"solution", value: "Upgrade to Wireshark version 3.0.8 or later."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7045"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("wireshark_installed.nasl"); script_require_keys("installed_sw/Wireshark", "SMB/Registry/Enumerated"); exit(0); } include('vcf.inc'); get_kb_item_or_exit('SMB/Registry/Enumerated'); app_info = vcf::get_app_info(app:'Wireshark', win_local:TRUE); constraints = [ { 'min_version' : '3.0.0', 'fixed_version' : '3.0.8' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
NASL family MacOS X Local Security Checks NASL id MACOSX_WIRESHARK_3_0_8.NASL description The version of Wireshark installed on the remote macOS / Mac OS X host is 3.0.x prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur in the component. Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-03-18 modified 2020-01-24 plugin id 133211 published 2020-01-24 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/133211 title Wireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability (macOS) code # # (C) Tenable Network Security, Inc. # include('compat.inc'); if (description) { script_id(133211); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2020-7045"); script_name(english:"Wireshark 3.0.x < 3.0.8 Denial of Service (DoS) Vulnerability (macOS)"); script_set_attribute(attribute:"synopsis", value: "An application installed on the remote macOS / Mac OS X host is affected by a vulnerability."); script_set_attribute(attribute:"description", value: "The version of Wireshark installed on the remote macOS / Mac OS X host is 3.0.x prior to 3.0.8. It is, therefore, affected by a denial of service (DoS) vulnerability in its Bluetooth Attribute dissector component due to insufficient packet processing logic. An unauthenticated, remote attacker can exploit this issue, by sending specially crafted packets to an affected host, to cause a DoS condition to occur in the component. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/docs/relnotes/wireshark-3.0.8.html"); script_set_attribute(attribute:"see_also", value:"https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258"); script_set_attribute(attribute:"see_also", value:"https://www.wireshark.org/security/wnpa-sec-2020-02"); script_set_attribute(attribute:"solution", value: "Upgrade to Wireshark version 3.0.8 or later."); script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7045"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"patch_publication_date", value:"2020/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/24"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:wireshark:wireshark"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("macosx_wireshark_installed.nbin"); script_require_keys("installed_sw/Wireshark", "Host/MacOSX/Version", "Host/local_checks_enabled"); exit(0); } include('vcf.inc'); app_info = vcf::get_app_info(app:'Wireshark'); constraints = [ { 'min_version' : '3.0.0', 'fixed_version' : '3.0.8' } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_NOTE);
References
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d
- https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
- https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
- https://www.wireshark.org/security/wnpa-sec-2020-02.html
- https://www.wireshark.org/security/wnpa-sec-2020-02.html