{
  "threat_severity" : "Moderate",
  "public_date" : "2020-01-15T00:00:00Z",
  "bugzilla" : {
    "description" : "wireshark: invalid memory access in BT ATT dissector",
    "id" : "1798671",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1798671"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-20",
  "details" : [ "In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissectors/packet-btatt.c by validating opcodes.", "An invalid memory access vulnerability was discovered in Wireshark when processing malformed Bluetooth packets. An attacker could use this flaw to send malicious Bluetooth packets that can crash Wireshark, or trick a user into running the tool on a malformed packet trace file." ],
  "statement" : "This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 7 as they did not include the vulnerable code.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "wireshark",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-7045\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-7045" ],
  "name" : "CVE-2020-7045",
  "csaw" : false
}