CVE-2020-25863

HIGH

Wireshark <3.2.7, <3.0.14, <2.6.21 - Buffer Overflow

Title source: llm
STIX 2.1

Description

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

References (10)

Core 10
Core References
Patch, Third Party Advisory x_refsource_misc
https://www.wireshark.org/security/wnpa-sec-2020-11.html
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://gitlab.com/wireshark/wireshark/-/issues/16741
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpujan2021.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html

Scores

CVSS v3 7.5
EPSS 0.0018
EPSS Percentile 39.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

Status published
Products (8)
debian/debian_linux 9.0
fedoraproject/fedora 31
fedoraproject/fedora 32
fedoraproject/fedora 33
opensuse/leap 15.1
opensuse/leap 15.2
oracle/zfs_storage_appliance_firmware 8.8
wireshark/wireshark 2.6.0 - 2.6.20
Published Oct 06, 2020
Tracked Since Feb 18, 2026