In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages. This was addressed in epan/dissectors/packet-blip.c by allowing reasonable compression ratios and rejecting ZIP bombs.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25866
Reference (s):
- FEDORA:FEDORA-2020-1b390bec14
- URL: https://lists.fedoraproject.org/archives/list/[email protected]/message/6IGRYKW4XLR44YDWTAH547ODYYBYPB2D/
- FEDORA:FEDORA-2020-1bf4b97c16
- URL: https://lists.fedoraproject.org/archives/list/[email protected]/message/4DQHPKZFQ7W3X34RYN3FWFYCFJD4FXJW/
- FEDORA:FEDORA-2020-9bda6ae1cd