PT-2019-5767 · Wireshark+3
Published: 2018-04-03 · Updated: 2022-05-03 · CVE-2019-12295
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Wireshark versions 2.4.0 through 2.4.14
Wireshark versions 2.6.0 through 2.6.8
Wireshark versions 3.0.0 through 3.0.1
Description
The issue is related to a flaw in the dissection engine of Wireshark, a network traffic analyzer, which can lead to a denial of service. This can be exploited by a remote attacker, causing the service to crash. The problem arises from insufficient control over code generation.
Recommendations
For Wireshark versions 2.4.0 through 2.4.14, update to a version that restricts the number of layers and limits recursion to prevent the dissection engine from crashing.
For Wireshark versions 2.6.0 through 2.6.8, update to a version that restricts the number of layers and limits recursion to prevent the dissection engine from crashing.
For Wireshark versions 3.0.0 through 3.0.1, update to a version that restricts the number of layers and limits recursion to prevent the dissection engine from crashing.
Fix
Uncontrolled Recursion
Code Injection
Related identifiers
Affected products
Alt Linux
Astra Linux
Ubuntu
Wireshark