Description
Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_misc
https://www.wireshark.org/security/wnpa-sec-2020-17.html
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://gitlab.com/wireshark/wireshark/-/issues/16958
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26421.json
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202101-12
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YHWDZPWQJMLK64VFDWJC5SEGPNH6Y72Z/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M75HYXU36SP6GHIDPHNZGJKEO6TX4C4Y/
Patch, Third Party Advisory x_refsource_misc
https://www.oracle.com/security-alerts/cpuApr2021.html
Scores
CVSS v3
4.2
EPSS
0.0010
EPSS Percentile
27.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L
Details
CWE
CWE-125
Status
published
Products (6)
debian/debian_linux
9.0
fedoraproject/fedora
32
fedoraproject/fedora
33
oracle/zfs_storage_appliance_kit
8.8
wireshark/wireshark
3.4.0
wireshark/wireshark
3.2.0 - 3.2.8
Published
Dec 11, 2020
Tracked Since
Feb 18, 2026