CVE-2020-26421

Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file.

References

Affected packages

Debian:11 / wireshark

Package

Name: wireshark
Purl: pkg:deb/debian/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / wireshark

Package

Name: wireshark
Purl: pkg:deb/debian/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / wireshark

Package

Name: wireshark
Purl: pkg:deb/debian/wireshark?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.4.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

e0ed4cfa3d72110257da54c26ad3a28d282ef454

Last affected

8c208b7f257de50613e1e6a09a5b221f284883a0

Last affected

9733f173ea5e6255e8da208ef183210aa264d948

Affected versions

v3.*

v3.2.0

v3.2.1

v3.2.1rc0

v3.2.2

v3.2.2rc0

v3.2.3

v3.2.3rc0

v3.2.4

v3.2.4rc0

v3.2.5

v3.2.5rc0

v3.2.6

v3.2.6rc0

v3.2.7

v3.2.7rc0

v3.2.8

v3.2.8rc0

wireshark-3.*

wireshark-3.2.0

wireshark-3.2.1

wireshark-3.2.2

wireshark-3.2.3

wireshark-3.2.4

wireshark-3.2.5

wireshark-3.2.6

wireshark-3.2.7

wireshark-3.2.8