Wireshark versions 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14 are affected by a vulnerability in the EAP dissector that could lead to a crash.
Understanding CVE-2020-9428
This CVE entry describes a crash in the EAP dissector of the Wireshark versions listed above.
What is CVE-2020-9428?
In Wireshark versions 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, malformed EAP input can make the EAP dissector crash, which terminates the Wireshark or TShark process that is dissecting the traffic.
The Impact of CVE-2020-9428
An attacker who can get a crafted packet onto a monitored network or into a capture file can exploit the bug to cause a denial of service (DoS) by crashing the EAP dissector, interrupting network monitoring and analysis that depends on Wireshark.
Technical Details of CVE-2020-9428
The technical details of the vulnerability are given below.
Vulnerability Description
The issue was fixed in the epan/dissectors/packet-eap.c file by making the sscanf-based parsing in the EAP dissector more careful, so that malformed input is rejected instead of crashing the dissector.
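The page only says that the sscanf parsing was made "more careful", so the following is an added illustration of that bug class and its hardened counterpart, not Wireshark's code or its actual fix. The field layout "id=<token> type=<n>", the buffer size TOKEN_MAX and both parse_field_* helpers are constructed for the example; the defects in the unsafe version (no field width on "%s", an int written through a pointer to a one-byte variable, and an unchecked item count) are the generic mistakes a careful sscanf rewrite removes.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

#define TOKEN_MAX 16   /* size of the fixed destination buffer, a constructed value */

/* Hypothetical field parser, not Wireshark's code: it reads "id=<token> type=<n>"
 * from text derived from a packet, the way a dissector might pull a peer
 * identity string and a one-octet EAP type out of an attribute.
 *
 * Vulnerable pattern, shown for contrast: "%s" without a field width copies an
 * arbitrarily long token into the fixed buffer 'tok', "%d" writes a full int
 * through a pointer to the one-byte 'type', and the number of converted items
 * is never checked. Overlong or malformed input corrupts the stack and
 * typically crashes the process. */
void parse_field_unsafe(const char *text, char tok[TOKEN_MAX], uint8_t *type)
{
    sscanf(text, "id=%s type=%d", tok, (int *)type);
}

/* Hardened pattern: bounded field width, converted-item count checked, numeric
 * value parsed into a full int and range-checked before narrowing to a byte.
 * Returns 0 on success, -1 on malformed, overlong or out-of-range input. */
int parse_field_safe(const char *text, char tok[TOKEN_MAX], uint8_t *type)
{
    char tmp[TOKEN_MAX + 1];   /* one spare byte so an overlong token is detectable */
    int value;
    int n;

    memset(tmp, 0, sizeof tmp);
    /* "%16s" stores at most 16 characters plus a NUL into the 17-byte tmp. */
    n = sscanf(text, "id=%16s type=%d", tmp, &value);
    if (n != 2)
        return -1;                  /* a field is missing or malformed */
    if (strlen(tmp) > TOKEN_MAX - 1)
        return -1;                  /* token would not fit 'tok': reject, don't truncate silently */
    if (value < 0 || value > 255)
        return -1;                  /* an EAP type is a single octet */
    memcpy(tok, tmp, TOKEN_MAX);    /* tmp is NUL-terminated within its first 16 bytes */
    *type = (uint8_t)value;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one well-formed, one with an overlong token. */
    const char *good = "id=peer01 type=4";
    const char *bad  = "id=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa type=4";
    char tok[TOKEN_MAX];
    uint8_t type = 0;

    if (parse_field_safe(good, tok, &type) == 0)
        printf("accepted: id=%s type=%u\n", tok, type);
    if (parse_field_safe(bad, tok, &type) != 0)
        printf("rejected overlong token\n");
    return 0;
}
```

The hardened version treats an overlong token as a parse failure rather than truncating it, because a dissector that silently shortens a field can misattribute later bytes; checking the sscanf return value is what turns a missing field from an uninitialised-variable read into a clean rejection.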
Affected Systems and Versions
The affected releases are Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14; any system running one of these builds and dissecting EAP traffic, whether live or from a capture file, is exposed.
Exploitation Mechanism
An attacker could trigger the crash by injecting specially crafted EAP packets into a network that an affected Wireshark instance is monitoring, or by supplying a capture file containing such packets for analysis.
Mitigation and Prevention
Protecting systems from CVE-2020-9428 involves both immediate and long-term measures.
Immediate Steps to Take
Upgrade Wireshark to a release outside the affected ranges (3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14). Until that is possible, avoid analysing EAP traffic or captures from untrusted sources with an affected build, or disable the EAP dissector (Analyze > Enabled Protocols in the GUI) so that crafted EAP packets are not parsed.
Long-Term Security Practices
Keep Wireshark on a supported release branch and apply its security updates promptly, since dissectors regularly receive fixes of this kind; where captures come from untrusted networks, analyse them in an isolated environment so that a dissector crash does not affect production monitoring.
Patching and Updates
The fix is in epan/dissectors/packet-eap.c, where the sscanf-based parsing in the EAP dissector was made more careful; installing a Wireshark release that includes this change resolves the issue.