Published: 08/01/2019 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.

Vulnerable Product	Search on Vulmon	Subscribe to Product
wireshark wireshark
debian debian linux 9.0

It was discovered that Wireshark, a network traffic analyzer, contained several vulnerabilities in the dissectors for 6LoWPAN, P_MUL, RTSE, ISAKMP, TCAP, ASN1 BER and RPCAP, which could result in denial of service For the stable distribution (stretch), these problems have been fixed in version 267-1~deb9u1 We recommend that you upgrade your wi ...

In Wireshark 260 to 265 and 240 to 2411, the RTSE dissector and other ASN1 dissectors could crash This was addressed in epan/charsetsc by adding a get_t61_string length check ...

An out-of-bounds read has been found in the RTSE dissector of Wireshark versions prior to 266, which could be triggered by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file ...

CWE-125 https://www.wireshark.org/security/wnpa-sec-2019-03.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15373 http://www.securityfocus.com/bid/106482 https://www.debian.org/security/2019/dsa-4416 https://seclists.org/bugtraq/2019/Mar/35 https://www.oracle.com/security-alerts/cpujan2020.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=cd09cb5cfb673beca3cce20b1d6a9bc67a134ae1 https://nvd.nist.gov https://www.debian.org/security/2019/dsa-4416 https://access.redhat.com/security/cve/cve-2019-5718

CVE-2019-5718

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect