CVE Details for CVE: CVE-2020-25863
Summary
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.
| Timestamps | |
|---|---|
| Last major update | 07-11-2023 - 03:20 |
| Published | 06-10-2020 - 15:15 |
| Last modified | 07-11-2023 - 03:20 |
References
- https://www.wireshark.org/security/wnpa-sec-2020-11.html
- https://gitlab.com/wireshark/wireshark/-/issues/16741
- https://gitlab.com/wireshark/wireshark/-/commit/5803c7b87b3414cdb8bf502af50bb406ca774482
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html
- https://www.oracle.com/security-alerts/cpujan2021.html
- https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGRYKW4XLR44YDWTAH547ODYYBYPB2D/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUHMK5HYTUUDXA64T2TAMAFMYV674QBW/
Vulnerable Configurations
-
cpe:2.3:a:wireshark:wireshark:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.2:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.3:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.4:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.5:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.6:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.7:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.8:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.9:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.10:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.11:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.12:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.13:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.13:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.14:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.14:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.15:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.15:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.16:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.16:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.17:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.17:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.18:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.18:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.19:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.19:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:2.6.20:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.20:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.3:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.4:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.5:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.6:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.7:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.8:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.9:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.10:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.11:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.12:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.0.13:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.13:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.1:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.2:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.3:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.4:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.5:*:*:*:*:*:*:*
-
cpe:2.3:a:wireshark:wireshark:3.2.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.2.6:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
-
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
-
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
-
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*
-
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
-
cpe:2.3:o:oracle:zfs_storage_appliance_firmware:8.8:*:*:*:*:*:*:*
cpe:2.3:o:oracle:zfs_storage_appliance_firmware:8.8:*:*:*:*:*:*:*
-
cpe:2.3:h:oracle:zfs_storage_appliance:-:*:*:*:*:*:*:*
cpe:2.3:h:oracle:zfs_storage_appliance:-:*:*:*:*:*:*:*
CWE
CVSS
Base
5.0
Impact
2.9
Exploitability
10.0
Access
| Vector | Complexity | Authentication |
|---|---|---|
| NETWORK | LOW | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | NONE | PARTIAL |
CVSS3
Base
7.5
Impact
3.6
Exploitability
3.9
Access
| Attack Complexity | Attack vector | Privileges Required | Scope | User Interaction |
|---|---|---|---|---|
| LOW | NETWORK | NONE | UNCHANGED | NONE |
Impact
| Confidentiality | Integrity | Availability |
|---|---|---|
| NONE | NONE | HIGH |