Bug 760800 (CVE-2020-26422) - <net-analyzer/wireshark-3.4.2: QUIC dissector crash (CVE-2020-26422)
Summary: <net-analyzer/wireshark-3.4.2: QUIC dissector crash (CVE-2020-26422)
Status: RESOLVED FIXED
Alias: CVE-2020-26422
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.wireshark.org/security/wn...
Whiteboard: B3 [glsa+]
Keywords:
Depends on:
Blocks: CVE-2020-26418, CVE-2020-26419, CVE-2020-26420, CVE-2020-26421
Reported: 2020-12-20 02:59 UTC by Sam James
Modified: 2021-01-22 16:11 UTC

See Also:
Package list:
Runtime testing required: ---

Description Sam James archtester gentoo-dev Security 2020-12-20 02:59:31 UTC
Description
The QUIC dissector could crash.

Impact
It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Comment 1 Larry the Git Cow gentoo-dev 2020-12-20 04:34:13 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dd9e905c82b1eddf42123ed911c6c19e42d2876c

commit dd9e905c82b1eddf42123ed911c6c19e42d2876c
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-12-20 04:34:04 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-20 04:34:10 +0000

    net-analyzer/wireshark: bump to 3.4.2
    
    Bug: https://bugs.gentoo.org/760800
    Package-Manager: Portage-3.0.9, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   1 +
 net-analyzer/wireshark/wireshark-3.4.2.ebuild | 259 ++++++++++++++++++++++++++
 2 files changed, 260 insertions(+)
Comment 2 Sam James archtester gentoo-dev Security 2020-12-20 12:33:26 UTC
amd64 done
Comment 3 Sam James archtester gentoo-dev Security 2020-12-20 14:09:47 UTC
arm done
Comment 4 Thomas Deutschmann gentoo-dev Security 2020-12-20 16:31:36 UTC
x86 stable
Comment 5 Sam James archtester gentoo-dev Security 2020-12-23 00:09:35 UTC
arm64 done
Comment 6 Sam James archtester gentoo-dev Security 2020-12-23 22:46:48 UTC
ppc64 done

all arches done
Comment 7 Larry the Git Cow gentoo-dev 2020-12-23 22:59:41 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=181b6a478073f4f88bc41a164fe76516990a4bbd

commit 181b6a478073f4f88bc41a164fe76516990a4bbd
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-12-23 22:59:34 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-12-23 22:59:34 +0000

    net-analyzer/wireshark: security cleanup
    
    Bug: https://bugs.gentoo.org/760800
    Package-Manager: Portage-3.0.12-prefix, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 net-analyzer/wireshark/Manifest               |   2 -
 net-analyzer/wireshark/wireshark-3.4.0.ebuild | 259 --------------------------
 net-analyzer/wireshark/wireshark-3.4.1.ebuild | 259 --------------------------
 3 files changed, 520 deletions(-)
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2021-01-22 16:11:44 UTC
This issue was resolved and addressed in
 GLSA 202101-12 at https://security.gentoo.org/glsa/202101-12
by GLSA coordinator Aaron Bauman (b-man).