[ASA-202011-13] wireshark-cli: denial of service
Arch Linux Security Advisory ASA-202011-13 ========================================== Severity: Low Date : 2020-11-17 CVE-ID : CVE-2020-28030 Package : wireshark-cli Type : denial of service Remote : Yes Link : https://security.archlinux.org/AVG-1258 Summary ======= The package wireshark-cli before version 3.4.0-1 is vulnerable to denial of service. Resolution ========== Upgrade to 3.4.0-1. # pacman -Syu "wireshark-cli>=3.4.0-1" The problem has been fixed upstream in version 3.4.0. Workaround ========== None. Description =========== A resource exhaustion issue has been found in the GQUIC decoder of Wireshark before 3.2.8. Impact ====== A remote attacker might be able to crash Wireshark via a crafted network capture file or packet. References ========== https://www.wireshark.org/security/wnpa-sec-2020-15.html https://gitlab.com/wireshark/wireshark/-/issues/16887 https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c25... https://security.archlinux.org/CVE-2020-28030
participants (1)
-
Morten Linderud