CVE-2020-25863

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

e0ed4cfa3d72110257da54c26ad3a28d282ef454

Introduced

937e33de60bcfcd6f68e7250e5e6914ae1d1e1e4

Introduced

c7239f0201292253817c7c4c9a394a47113ca55c

Affected versions

v2.*

v2.6.0

v2.6.1

v2.6.10

v2.6.10rc0

v2.6.11

v2.6.11rc0

v2.6.12

v2.6.12rc0

v2.6.13

v2.6.13rc0

v2.6.14

v2.6.14rc0

v2.6.15

v2.6.15rc0

v2.6.16

v2.6.16rc0

v2.6.17

v2.6.17rc0

v2.6.18

v2.6.18rc0

v2.6.19

v2.6.19rc0

v2.6.1rc0

v2.6.2

v2.6.20

v2.6.20rc0

v2.6.21rc0

v2.6.2rc0

v2.6.3

v2.6.3rc0

v2.6.4

v2.6.4rc0

v2.6.5

v2.6.5rc0

v2.6.6

v2.6.6rc0

v2.6.7

v2.6.7rc0

v2.6.8

v2.6.8rc0

v2.6.9

v2.6.9rc0

v3.*

v3.0.0

v3.0.1

v3.0.10

v3.0.10rc0

v3.0.11

v3.0.11rc0

v3.0.12

v3.0.12rc0

v3.0.13

v3.0.13rc0

v3.0.14

v3.0.14rc0

v3.0.15rc0

v3.0.1rc0

v3.0.2

v3.0.2rc0

v3.0.3

v3.0.3rc0

v3.0.4

v3.0.4rc0

v3.0.5

v3.0.5rc0

v3.0.6

v3.0.6rc0

v3.0.7

v3.0.7rc0

v3.0.8

v3.0.8rc0

v3.0.9

v3.0.9rc0

v3.2.0

v3.2.1

v3.2.10

v3.2.10rc0

v3.2.11

v3.2.11rc0

v3.2.12

v3.2.12rc0

v3.2.13

v3.2.13rc0

v3.2.14

v3.2.14rc0

v3.2.15

v3.2.15rc0

v3.2.16

v3.2.16rc0

v3.2.17

v3.2.17rc0

v3.2.18

v3.2.18rc0

v3.2.1rc0

v3.2.2

v3.2.2rc0

v3.2.3

v3.2.3rc0

v3.2.4

v3.2.4rc0

v3.2.5

v3.2.5rc0

v3.2.6

v3.2.6rc0

v3.2.7

v3.2.7rc0

v3.2.8

v3.2.8rc0

v3.2.9

v3.2.9rc0

wireshark-2.*

wireshark-2.6.0

wireshark-2.6.1

wireshark-2.6.10

wireshark-2.6.11

wireshark-2.6.12

wireshark-2.6.13

wireshark-2.6.14

wireshark-2.6.15

wireshark-2.6.16

wireshark-2.6.17

wireshark-2.6.18

wireshark-2.6.19

wireshark-2.6.2

wireshark-2.6.20

wireshark-2.6.3

wireshark-2.6.4

wireshark-2.6.5

wireshark-2.6.6

wireshark-2.6.7

wireshark-2.6.8

wireshark-2.6.9

wireshark-3.*

wireshark-3.0.0

wireshark-3.0.1

wireshark-3.0.10

wireshark-3.0.11

wireshark-3.0.12

wireshark-3.0.13

wireshark-3.0.14

wireshark-3.0.2

wireshark-3.0.3

wireshark-3.0.4

wireshark-3.0.5

wireshark-3.0.6

wireshark-3.0.7

wireshark-3.0.8

wireshark-3.0.9

wireshark-3.2.0

wireshark-3.2.1

wireshark-3.2.10

wireshark-3.2.11

wireshark-3.2.12

wireshark-3.2.13

wireshark-3.2.14

wireshark-3.2.15

wireshark-3.2.16

wireshark-3.2.17

wireshark-3.2.18

wireshark-3.2.2

wireshark-3.2.3

wireshark-3.2.4

wireshark-3.2.5

wireshark-3.2.6

wireshark-3.2.7

wireshark-3.2.8

wireshark-3.2.9

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://gitlab.com/wireshark/wireshark
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5803c7b87b3414cdb8bf502af50bb406ca774482

Affected versions

Other

backups/ethereal@18706

ethereal-0-3-15

start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0

v1.11.0-rc1

v1.11.1

v1.11.1-rc1

v1.11.2

v1.11.2-rc1

v1.11.3

v1.11.3-rc1

v1.11.4-rc1

v1.99.0

v1.99.0-rc1

v1.99.1

v1.99.10rc0

v1.99.1rc0

v1.99.2

v1.99.2rc0

v1.99.3

v1.99.3rc0

v1.99.4

v1.99.4rc0

v1.99.5

v1.99.5rc0

v1.99.6

v1.99.6rc0

v1.99.7

v1.99.7rc0

v1.99.8

v1.99.8rc0

v1.99.9

v1.99.9rc0

v2.*

v2.1.0

v2.1.0rc0

v2.1.1

v2.1.1rc0

v2.1.2rc0

v2.3.0rc0

v2.5.0

v2.5.0rc0

v2.5.1

v2.5.1rc0

v2.5.2rc0