CVE-2019-10902Unchecked Return Value in Wireshark

CWE-252Unchecked Return ValueCWE-20Improper Input Validation6 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 30.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Fedoraproject FedoraWiresharkDebian Wireshark
Timeline
PublishedApr 9
Latest updateMay 13

Description

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

Also affects: Fedora 29, 30

Patches

Patch: bugs.wireshark.orgPatch: bugs.wireshark.org

🔴Vulnerability Details

1
GHSA
GHSA-grp6-r7rq-fpc3: In Wireshark 32022-05-13

📋Vendor Advisories

2
Red Hat
wireshark: TSDNS dissector crash (wnpa-sec-2019-16)2019-03-19
Debian
CVE-2019-10902: wireshark - In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/...2019

💬Community

2
Bugzilla
CVE-2019-10902 wireshark: TSDNS dissector crash (wnpa-sec-2019-16)2019-04-09
Bugzilla
CVE-2019-10902 wireshark: TSDNS dissector crash (wnpa-sec-2019-16) [fedora-all]2019-04-09