CVE-2020-25866
Published
CVSS v3
7.5
HIGH
CVSS v2
5
MEDIUM
Affected
1
PROJECT
Description
In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
Wireshark's official code repository. You can keep the releases coming by donating at https://wiresharkfoundation.org/donate/.
GitLab