CVE-2020-26575
moderate-risk
Published 2020-10-06
In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.
Do I need to act?
~
2.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10
High
NETWORK
/ LOW complexity
Affected Products (5)
Affected Vendors
References (24)
Third Party Advisory
https://security.gentoo.org/glsa/202011-08
Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html
Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2020-14.html
and 4 more references
43
/ 100
moderate-risk
Severity
26/34 · High
Exploitability
5/34 · Minimal
Exposure
12/34 · Low