[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247974

 
 

909

 
 

194654

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2019-12295Date: (C)2019-06-19   (M)2023-12-22


In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 7.5CVSS Score : 5.0
Exploit Score: 3.9Exploit Score: 10.0
Impact Score: 3.6Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: LOWAccess Complexity: LOW
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: NONE
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: NONEAvailability: PARTIAL
Integrity: NONE 
Availability: HIGH 
  
Reference:
BID-108464
USN-4133-1
https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7b6e197da4c497e229ed3ebf6952bae5c426a820
https://support.f5.com/csp/article/K06725231
https://support.f5.com/csp/article/K06725231?utm_source=f5support&%3Butm_medium=RSS
https://www.wireshark.org/security/wnpa-sec-2019-19.html

CPE    10
cpe:/o:debian:debian_linux:9.0
cpe:/a:f5:big-ip_access_policy_manager:15.1.0
cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~
cpe:/a:f5:big-ip_webaccelerator:15.1.0
...
CWE    1
CWE-674
OVAL    7
oval:org.secpod.oval:def:55041
oval:org.secpod.oval:def:2103894
oval:org.secpod.oval:def:1801475
oval:org.secpod.oval:def:1801435
...

© SecPod Technologies