PT-2019-5767 · Wireshark+3
Published: 2018-04-03 · Updated: 2022-05-03 · CVE-2019-12295
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Wireshark versions 2.4.0 through 2.4.14
Wireshark versions 2.6.0 through 2.6.8
Wireshark versions 3.0.0 through 3.0.1
Description
The issue is related to a flaw in the dissection engine of Wireshark, a network traffic analyzer, which can lead to a denial of service. This can be exploited by a remote attacker, causing the service to crash. The problem arises from insufficient control over code generation.
Recommendations
For Wireshark versions 2.4.0 through 2.4.14, update to a version that restricts the number of layers and limits recursion to prevent the dissection engine from crashing.
For Wireshark versions 2.6.0 through 2.6.8, update to a version that restricts the number of layers and limits recursion to prevent the dissection engine from crashing.
For Wireshark versions 3.0.0 through 3.0.1, update to a version that restricts the number of layers and limits recursion to prevent the dissection engine from crashing.
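As an added illustration of the kind of layer and recursion limit the recommendations refer to (this is not Wireshark's code or its patch): a recursive parser for a hypothetical nested TLV format that rejects input nested deeper than a fixed cap. The record format, the function names and the `MAX_LAYERS` value are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_LAYERS  8     /* assumed cap, chosen for this example */
#define T_CONTAINER 0x01  /* value holds further TLV records */
enum { PARSE_OK = 0, PARSE_MALFORMED = -1, PARSE_TOO_DEEP = -2 };
/* Parse [type:1][len:1][value] records; depth = layers already entered. */
static int parse_tlv(const uint8_t *buf, size_t len, unsigned depth,
                     unsigned *leaves)
{
    size_t off = 0;
    if (depth >= MAX_LAYERS)
        return PARSE_TOO_DEEP;       /* refuse before the stack runs out */
    while (off < len) {
        if (len - off < 2)
            return PARSE_MALFORMED;  /* truncated header */
        uint8_t type = buf[off++];
        size_t vlen = buf[off++];
        if (vlen > len - off)
            return PARSE_MALFORMED;  /* value overruns its parent */
        if (type == T_CONTAINER) {
            int rc = parse_tlv(buf + off, vlen, depth + 1, leaves);
            if (rc != PARSE_OK)
                return rc;
        } else {
            (*leaves)++;
        }
        off += vlen;
    }
    return PARSE_OK;
}

/* Constructed input: `levels` (<= 126) containers around one empty leaf. */
static size_t build_nested(uint8_t *out, unsigned levels)
{
    for (unsigned i = 0; i < levels; i++) {
        out[2 * i] = T_CONTAINER;
        out[2 * i + 1] = (uint8_t)(2 * (levels - i));
    }
    out[2 * levels] = 0x02;          /* leaf type */
    out[2 * levels + 1] = 0;         /* leaf length, no value bytes */
    return 2 * (size_t)levels + 2;
}

int main(void)
{
    uint8_t buf[256];
    unsigned leaves = 0;
    return parse_tlv(buf, build_nested(buf, 100), 0, &leaves) != PARSE_TOO_DEEP;
}
```

With the cap in place, deeply nested input produces a distinct error code that the caller can log or count, while well-formed input below the cap parses as before.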
Fix
Uncontrolled Recursion
Code Injection
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Ubuntu
Wireshark