wnpa-sec-2020-10 · Kafka dissector crash

Summary

Name: Kafka dissector crash

Docid: wnpa-sec-2020-10

Date: August 12, 2020

Affected versions: 3.2.0 to 3.2.5

Fixed versions: 3.2.6

References:
Wireshark issue 16672
CVE-2020-17498

Details

Description

The Kafka dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 3.2.6 or later.