CVE-2020-25863 | Vulnerability Database | Aqua Security

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	2.6.0 (including)	2.6.20 (including)
Wireshark	Wireshark	3.0.0 (including)	3.0.13 (including)
Wireshark	Wireshark	3.2.0 (including)	3.2.6 (including)
Wireshark	Ubuntu	bionic	*
Wireshark	Ubuntu	esm-apps/bionic	*
Wireshark	Ubuntu	esm-apps/focal	*
Wireshark	Ubuntu	esm-apps/xenial	*
Wireshark	Ubuntu	trusty	*
Wireshark	Ubuntu	trusty/esm	*
Wireshark	Ubuntu	upstream	*
Wireshark	Ubuntu	xenial	*

References

http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00035.html
http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00038.html
https://gitlab.com/wireshark/wireshark/-/commit/5803c7b87b3414cdb8bf502af50bb406ca774482
https://gitlab.com/wireshark/wireshark/-/issues/16741
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IGRYKW4XLR44YDWTAH547ODYYBYPB2D/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZUHMK5HYTUUDXA64T2TAMAFMYV674QBW/
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.wireshark.org/security/wnpa-sec-2020-11.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-25863
CWE	https://cwe.mitre.org/data/definitions/.html