CVE-2019-5717

Published: Jan 8, 2019Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.

Affected (4)

Products: Wireshark: Wireshark · Debian: Debian Linux

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	From 2.4.0 to 2.4.11
Wireshark Wireshark	From 2.6.0 to 2.6.5

Configuration B

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/106482

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337

Source: cve@mitre.org

ExploitIssue TrackingVendor Advisory

https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=bf9272a92f3df1e4ccfaad434e123222ae5313f7

Source: cve@mitre.org

https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html

Source: cve@mitre.org

Third Party Advisory

https://seclists.org/bugtraq/2019/Mar/35

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.debian.org/security/2019/dsa-4416

Source: cve@mitre.org

Third Party Advisory

https://www.wireshark.org/security/wnpa-sec-2019-02.html

Source: cve@mitre.org

Vendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html