PT-2019-5363 · Wireshark+3 · Wireshark+3

Publicado

2018-04-03

Atualizado

2024-06-15

CVE-2019-10895

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Wireshark versions 2.4.0 through 2.4.13 Wireshark versions 2.6.0 through 2.6.7 Wireshark version 3.0.0

Description The issue exists due to insufficient input validation in the NetScaler module of the Wireshark network traffic analyzer. This could allow a remote attacker to cause a denial of service, potentially crashing the NetScaler file parser. The problem was addressed by improving data validation in the wiretap/netscaler.c file.

Recommendations For Wireshark versions 2.4.0 through 2.4.13, update the wiretap/netscaler.c file by improving data validation to prevent the NetScaler file parser from crashing. For Wireshark versions 2.6.0 through 2.6.7, update the wiretap/netscaler.c file by improving data validation to prevent the NetScaler file parser from crashing. For Wireshark version 3.0.0, update the wiretap/netscaler.c file by improving data validation to prevent the NetScaler file parser from crashing.

Exploit

Correção

RCE

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20CWE-125

Identificadores relacionados

ALT-PU-2018-1549

ALT-PU-2019-1633

BDU:2020-02570

CVE-2019-10895

DLA-1802-1

DLA-2423-1

OPENSUSE-SU-2019:1356-1

OPENSUSE-SU-2019_1356-1

OPENSUSE-SU-2019_1390-1

OPENSUSE-SU-2020:0362-1

OPENSUSE-SU-2020_0362-1

OPENSUSE-SU-2024:11513-1

SUSE-SU-2019:1036-1

SUSE-SU-2019:1038-1

SUSE-SU-2020:0693-1

USN-3986-1

Produtos afetados

Alt Linux

Suse

Ubuntu

Wireshark

PT-2019-5363 · Wireshark+3 · Wireshark+3

CVE-2019-10895

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 472