CVE-2020-26418

LOW

Wireshark <3.4.0, 3.2.0-3.2.8 - DoS

Title source: llm

Description

Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

References (8)

[Third Party Advisory] https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26418.json

View Writeup ZIP pw:eip

[Exploit, Issue Tracking, Third Party Advisory] https://gitlab.com/wireshark/wireshark/-/issues/16739

[Mailing List, Third Party Advisory] https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/

[Third Party Advisory] https://security.gentoo.org/glsa/202101-12

[Patch, Third Party Advisory] https://www.oracle.com/security-alerts/cpuApr2021.html

[Vendor Advisory] https://www.wireshark.org/security/wnpa-sec-2020-16.html

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/

Scores

CVSS v3 3.1

EPSS 0.0040

EPSS Percentile 60.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

Classification

CWE

CWE-401

Status published

Affected Products (6)

wireshark/wireshark < 3.2.8

wireshark/wireshark

fedoraproject/fedora

fedoraproject/fedora

debian/debian_linux

oracle/zfs_storage_appliance_kit

Timeline

Published Dec 11, 2020

Tracked Since Feb 18, 2026