| Bug ID | 1173606 |
|---|---|
| Summary | VUL-1: CVE-2020-15466: wireshark: GVCP dissector infinite loop (wnpa-sec-2020-09) |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 15.1 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Minor |
| Priority | P5 - None |
| Component | Security |
| Assignee | rfrohl@suse.com |
| Reporter | Andreas.Stieger@gmx.de |
| QA Contact | qa-bugs@suse.de |
| CC | security-team@suse.de |
| Found By | Sprint Testing |
| Blocker | --- |
In Wireshark 3.2.x before 3.2.5 the GVCP dissector could go into an infinite loop. It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. References: https://www.wireshark.org/security/wnpa-sec-2020-09 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029