Subject: [ASA-202007-2] wireshark-cli: denial of service

Arch Linux Security Advisory ASA-202007-2
=========================================

Severity: Low
Date    : 2020-07-18
CVE-ID  : CVE-2020-15466
Package : wireshark-cli
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-1198

Summary
=======

The package wireshark-cli before version 3.2.5-1 is vulnerable to denial
of service.

Resolution
==========

Upgrade to 3.2.5-1.

# pacman -Syu "wireshark-cli>=3.2.5-1"

The problem has been fixed upstream in version 3.2.5.

Workaround
==========

None.

Description
===========

An infinite loop has been found in the GVCP dissector of Wireshark
before 3.2.5. It may be possible to make Wireshark consume excessive CPU
resources by injecting a malformed packet onto the wire or by convincing
someone to read a malformed packet trace file.

Impact
======

A remote attacker is able to use specially crafted packets to perform a
denial of service attack.

References
==========

https://www.wireshark.org/security/wnpa-sec-2020-09
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
https://code.wireshark.org/review/#/c/37618/
https://security.archlinux.org/CVE-2020-15466