PT-2019-6154 · Wireshark+3 · Wireshark+3
Publicado
2019-09-15
·
Atualizado
2024-06-15
·
CVE-2019-16319
CVSS v2.0
7.8
Alta
| Vetor | AV:N/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Wireshark versions 2.6.0 through 2.6.10
Wireshark versions 3.0.0 through 3.0.3
Description
The issue is related to the Gryphon dissector going into an infinite loop, potentially allowing a remote attacker to cause a denial of service. This occurs when the dissector encounters a message with a length of zero. The problem was addressed by adding a check for a zero message length in the plugins/epan/gryphon/packet-gryphon.c file.
Recommendations
For Wireshark versions 2.6.0 through 2.6.10, update to a version where the issue is fixed by adding a check for a zero message length in the plugins/epan/gryphon/packet-gryphon.c file.
For Wireshark versions 3.0.0 through 3.0.3, update to a version where the issue is fixed by adding a check for a zero message length in the plugins/epan/gryphon/packet-gryphon.c file.
As a temporary workaround, consider disabling the Gryphon dissector until a patch is available.
Correção
Infinite Loop
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Suse
Wireshark