PT-2019-6154 · Wireshark+3
Published: 2019-09-15 · Updated: 2024-06-15
CVE-2019-16319
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Wireshark versions 2.6.0 through 2.6.10
Wireshark versions 3.0.0 through 3.0.3
Description
The Gryphon dissector can go into an infinite loop when it encounters a message with a length of zero, potentially allowing a remote attacker to cause a denial of service. The problem was addressed by adding a check for a zero message length in the plugins/epan/gryphon/packet-gryphon.c file.
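The bug class described above, shown as an added example that is not Wireshark's code: a simplified walker over length-prefixed records, without and with a length check. The framing (a 2-byte big-endian length covering the whole record), the function names and the sample buffers are assumptions constructed for illustration; the step budget exists only so the unchecked variant terminates here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 2          /* assumed framing: 2-byte big-endian total record length */
#define STEP_BUDGET 1000   /* demo-only guard; real code without it would never return */
enum { WALK_MALFORMED = -1, WALK_STALLED = -2 };

/* Constructed sample buffers: two valid records, then one valid record + zero length. */
static const uint8_t SAMPLE_OK[]   = { 0x00, 0x04, 0xAA, 0xBB, 0x00, 0x03, 0xCC };
static const uint8_t SAMPLE_ZERO[] = { 0x00, 0x04, 0xAA, 0xBB, 0x00, 0x00 };

static size_t read_len(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Unchecked: advances by the sender-controlled length alone, so 0 means no progress. */
static int walk_unchecked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int msgs = 0, steps = 0;
    while (off + HDR_LEN <= len) {
        if (++steps > STEP_BUDGET)
            return WALK_STALLED;          /* stands in for the infinite loop */
        off += read_len(buf + off);       /* length 0: offset never moves */
        msgs++;
    }
    return msgs;
}

/* Checked: a length shorter than the header (including 0) or past the buffer is rejected. */
static int walk_checked(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    int msgs = 0;
    while (off + HDR_LEN <= len) {
        size_t msglen = read_len(buf + off);
        if (msglen < HDR_LEN || msglen > len - off)
            return WALK_MALFORMED;        /* stop dissecting instead of spinning */
        off += msglen;
        msgs++;
    }
    return msgs;
}

int main(void)
{
    printf("unchecked, zero length: %d\n", walk_unchecked(SAMPLE_ZERO, sizeof SAMPLE_ZERO));
    printf("checked, zero length:   %d\n", walk_checked(SAMPLE_ZERO, sizeof SAMPLE_ZERO));
    return 0;
}
```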
Recommendations
For Wireshark versions 2.6.0 through 2.6.10, update to a version where the issue is fixed by adding a check for a zero message length in the plugins/epan/gryphon/packet-gryphon.c file.
For Wireshark versions 3.0.0 through 3.0.3, update to a version where the issue is fixed by adding a check for a zero message length in the plugins/epan/gryphon/packet-gryphon.c file.
As a temporary workaround, consider disabling the Gryphon dissector until a patch is available.
Fix
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Astra Linux
Suse
Wireshark