
====================================================================

                             CERT-Renater

                  Information Note No. 2020/VULN614
_____________________________________________________________________

DATE                : 09/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Wireshark versions prior to 3.4.0,
                     3.2.8.

=====================================================================
https://www.wireshark.org/security/wnpa-sec-2020-14.html
https://www.wireshark.org/security/wnpa-sec-2020-15.html
_____________________________________________________________________

wnpa-sec-2020-14 · FBZERO dissector crash


Summary

Name: FBZERO dissector crash

Docid: wnpa-sec-2020-14

Date: October 29, 2020

Affected versions: 3.2.0 to 3.2.8

Fixed versions: 3.4.0, 3.2.8

References:
Wireshark bug 16887


Details

Description

The FBZERO protocol dissector could crash.


Impact

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.


Resolution

Upgrade to Wireshark 3.4.0, 3.2.8 or later.

_____________________________________________________________________


wnpa-sec-2020-15 · GQUIC dissector crash

Summary

Name: GQUIC dissector crash

Docid: wnpa-sec-2020-15

Date: October 29, 2020

Affected versions: 3.2.0 to 3.2.8

Fixed versions: 3.4.0, 3.2.8


Details

Description

The GQUIC protocol dissector could crash.


Impact

It may be possible to make Wireshark consume excessive CPU resources by
injecting a malformed packet onto the wire or by convincing someone to
read a malformed packet trace file.


Resolution

Upgrade to Wireshark 3.4.0, 3.2.8 or later.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


