CVE-2020-26421

NameCVE-2020-26421
DescriptionCrash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-2547-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wireshark (PTS)jessie, jessie (lts)1.12.1+g01b65bf-4+deb8u19vulnerable
stretch (security)2.6.20-0+deb9u3fixed
stretch (lts), stretch2.6.20-0+deb10u9~deb9u1fixed
buster, buster (lts)2.6.20-0+deb10u9fixed
buster (security)2.6.20-0+deb10u8fixed
bullseye3.4.10-0+deb11u1fixed
bullseye (security)3.4.16-0+deb11u1fixed
bookworm4.0.17-0+deb12u1fixed
bookworm (security)4.0.11-1~deb12u1fixed
sid, trixie4.4.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wiresharksourcejessie(unfixed)end-of-life
wiresharksourcestretch2.6.20-0+deb9u1DLA-2547-1
wiresharksourcebuster2.6.20-0+deb10u1
wiresharksource(unstable)3.4.1-1

Notes

https://gitlab.com/wireshark/wireshark/-/commit/d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1
https://gitlab.com/wireshark/wireshark/-/issues/16958
https://www.wireshark.org/security/wnpa-sec-2020-17.html

Search for package or bug name: Reporting problems