CVE-2020-26575

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement.

Weakness

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

Affected Software

Name	Vendor	Start Version	End Version
Wireshark	Wireshark	*	3.2.7 (including)
Wireshark	Ubuntu	bionic	*
Wireshark	Ubuntu	esm-apps/bionic	*
Wireshark	Ubuntu	esm-apps/focal	*
Wireshark	Ubuntu	esm-apps/xenial	*
Wireshark	Ubuntu	esm-infra-legacy/trusty	*
Wireshark	Ubuntu	focal	*
Wireshark	Ubuntu	groovy	*
Wireshark	Ubuntu	trusty	*
Wireshark	Ubuntu	trusty/esm	*
Wireshark	Ubuntu	xenial	*

References

https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
https://gitlab.com/wireshark/wireshark/-/issues/16887
https://gitlab.com/wireshark/wireshark/-/merge_requests/467
https://gitlab.com/wireshark/wireshark/-/merge_requests/471
https://gitlab.com/wireshark/wireshark/-/merge_requests/472
https://gitlab.com/wireshark/wireshark/-/merge_requests/473
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHZSVK7PO2LTGFQXFHFXY6SOMSQ7UPRS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2667E6WKVE56G66BVBVD7LJPIDOJ7K3/
https://security.gentoo.org/glsa/202011-08
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.wireshark.org/security/wnpa-sec-2020-14.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-26575
CWE	https://cwe.mitre.org/data/definitions/835.html

Loop with Unreachable Exit Condition ('Infinite Loop')

Weakness

Affected Software

References