Home

CVE-2020-9428

Description

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
8.184

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2020-9429,CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark (3.2.2)Windows
Vulnerabilities CVE-2020-9429,CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark (X64) (3.2.2)Windows
Vulnerabilities CVE-2020-9429,CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark x64 3.2.2Windows
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark 3.0.9Windows
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark x64 3.0.9Windows
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark 2.6.15Windows
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are fixed in Wireshark x64 2.6.15Windows
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are affected in WireShark For Mac 2.6.14Mac
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are affected in WireShark For Mac 3.0.8Mac
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431 are affected in WireShark For Mac 3.2.1Mac
Vulnerabilities CVE-2020-9428,CVE-2020-9430,CVE-2020-9431,CVE-2020-9429 are fixed in Wireshark for Mac 3.2.2Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-313079Wireshark (3.2.2)
PATCH-313080Wireshark (X64) (3.2.2)
PATCH-313079Wireshark (3.2.2)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-338541Wireshark (3.6.24)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)
PATCH-611905WireShark for Mac (Apple Silicon) (4.4.9)
PATCH-612949WireShark for Mac (4.6.2)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234