PT-2019-5363 · Wireshark+3

Published: 2018-04-03 · Updated: 2024-06-15 · CVE-2019-10895

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Wireshark versions 2.4.0 through 2.4.13
Wireshark versions 2.6.0 through 2.6.7
Wireshark version 3.0.0

Description

The issue exists due to insufficient input validation in the NetScaler module of the Wireshark network traffic analyzer. This could allow a remote attacker to cause a denial of service, potentially crashing the NetScaler file parser. The problem was addressed by improving data validation in the wiretap/netscaler.c file.

Recommendations

For Wireshark versions 2.4.0 through 2.4.13, update the wiretap/netscaler.c file by improving data validation to prevent the NetScaler file parser from crashing.
For Wireshark versions 2.6.0 through 2.6.7, update the wiretap/netscaler.c file by improving data validation to prevent the NetScaler file parser from crashing.
For Wireshark version 3.0.0, update the wiretap/netscaler.c file by improving data validation to prevent the NetScaler file parser from crashing.

Exploit

Fix

RCE

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1549
ALT-PU-2019-1633
BDU:2020-02570
CVE-2019-10895
DLA-1802-1
DLA-2423-1
OPENSUSE-SU-2019:1356-1
OPENSUSE-SU-2019_1356-1
OPENSUSE-SU-2019_1390-1
OPENSUSE-SU-2020:0362-1
OPENSUSE-SU-2020_0362-1
OPENSUSE-SU-2024:11513-1
SUSE-SU-2019:1036-1
SUSE-SU-2019:1038-1
SUSE-SU-2020:0693-1
USN-3986-1

Affected Products

Alt Linux
Suse
Ubuntu
Wireshark