CVE-2020-28030

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-28030
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28030.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-28030
Downstream
Related
Published
2020-11-02T21:15:30.477Z
Modified
2026-01-30T19:28:46.738150Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
e0ed4cfa3d72110257da54c26ad3a28d282ef454

Affected versions

v3.*
v3.2.0
v3.2.1
v3.2.10
v3.2.10rc0
v3.2.11
v3.2.11rc0
v3.2.12
v3.2.12rc0
v3.2.13
v3.2.13rc0
v3.2.14
v3.2.14rc0
v3.2.15
v3.2.15rc0
v3.2.16
v3.2.16rc0
v3.2.17
v3.2.17rc0
v3.2.18
v3.2.18rc0
v3.2.1rc0
v3.2.2
v3.2.2rc0
v3.2.3
v3.2.3rc0
v3.2.4
v3.2.4rc0
v3.2.5
v3.2.5rc0
v3.2.6
v3.2.6rc0
v3.2.7
v3.2.7rc0
v3.2.8
v3.2.8rc0
v3.2.9
v3.2.9rc0
wireshark-3.*
wireshark-3.2.0
wireshark-3.2.1
wireshark-3.2.10
wireshark-3.2.11
wireshark-3.2.12
wireshark-3.2.13
wireshark-3.2.14
wireshark-3.2.15
wireshark-3.2.16
wireshark-3.2.17
wireshark-3.2.18
wireshark-3.2.2
wireshark-3.2.3
wireshark-3.2.4
wireshark-3.2.5
wireshark-3.2.6
wireshark-3.2.7
wireshark-3.2.8
wireshark-3.2.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28030.json"

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b287e7165e8aa89cde6ae37e7c257c5d87d16b9b

Affected versions

Other
backups/ethereal@18706
ethereal-0-3-15
start
ethereal-0.*
ethereal-0.3.15
v1.*
v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0
v2.*
v2.1.0
v2.1.0rc0
v2.1.1
v2.1.1rc0
v2.1.2rc0
v2.3.0rc0
v2.5.0
v2.5.0rc0
v2.5.1
v2.5.1rc0
v2.5.2rc0
v2.9.0
v2.9.0rc0
v2.9.1rc0
v3.*
v3.1.0
v3.1.0rc0
v3.1.1
v3.1.1rc0
v3.1.2rc0
v3.3.0
v3.3.0rc0
v3.3.1
v3.3.1rc0
v3.3.2rc0
wireshark-1.*
wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9
wireshark-2.*
wireshark-2.1.0
wireshark-2.1.1
wireshark-2.5.0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-28030.json"
vanir_signatures 
[
    {
        "digest": {
            "length": 9423.0,
            "function_hash": "93666439817911880652568707146755693755"
        },
        "source": "https://gitlab.com/wireshark/wireshark@b287e7165e8aa89cde6ae37e7c257c5d87d16b9b",
        "target": {
            "function": "dissect_gquic_tag",
            "file": "epan/dissectors/packet-gquic.c"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-28030-8bf9ffc7"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "280974726505164498832962824171895621958",
                "319833764394839539996018421668773904580",
                "102435623945195054836624030565028356176",
                "129511524565700081700416126136415642483",
                "28107926798278441138880117578288969157",
                "222716997940042778667677425768016096569",
                "99556750202311595969094874610977454676",
                "237055850321980614802788386596803708312",
                "48325267683462326833116598420950938179",
                "303855810784359905657086906803144814681",
                "19642233341739342455331457094249227014",
                "245555687721842950819514724815158948132",
                "110354187581941810161087703105666630284",
                "246555755249623061771063583115586030231",
                "91800038486104211351087112837691629558",
                "278492313177756171993250479778510720043"
            ]
        },
        "source": "https://gitlab.com/wireshark/wireshark@b287e7165e8aa89cde6ae37e7c257c5d87d16b9b",
        "target": {
            "file": "epan/dissectors/packet-gquic.c"
        },
        "signature_version": "v1",
        "signature_type": "Line",
        "deprecated": false,
        "id": "CVE-2020-28030-9f6d66c8"
    },
    {
        "digest": {
            "length": 25944.0,
            "function_hash": "218040539303201998126225013104010039284"
        },
        "source": "https://gitlab.com/wireshark/wireshark@b287e7165e8aa89cde6ae37e7c257c5d87d16b9b",
        "target": {
            "function": "proto_register_gquic",
            "file": "epan/dissectors/packet-gquic.c"
        },
        "signature_version": "v1",
        "signature_type": "Function",
        "deprecated": false,
        "id": "CVE-2020-28030-edec86ca"
    }
]