wireshark: GVCP dissector infinite loop (CVE-2020-15466)
In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.
Fixed In Version:
wireshark 3.2.5
References:
- https://www.wireshark.org/security/wnpa-sec-2020-09.html
- https://nvd.nist.gov/vuln/detail/CVE-2020-15466
Affected branches:
-
master (88553304) -
3.12-stable