wnpa-sec-2020-09 · GVCP dissector infinite loop
Summary
Name: GVCP dissector infinite loop
Docid: wnpa-sec-2020-09
Date: July 1, 2020
Affected versions: 3.2.0 to 3.2.4
Fixed versions: 3.2.5
References:
Wireshark issue 16029.
CVE-2020-15466.
Details
Description
The GVCP dissector could go into an infinite loop.
Impact
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 3.2.5 or later.