CVE-2019-13619 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wireshark

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125 — Out-of-bounds Read8 documents7 sources

Severity

7.5HIGHNVD

EPSS

9.8%

top 7.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Canonical Ubuntu Linux +3 more

Timeline

PublishedJul 17

Latest updateMay 24

Description

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶debiandebian/wireshark< wireshark 2.6.10-1 (bookworm)

▶Debianwireshark/wireshark< 2.6.10-1+3

▶NVDwireshark/wireshark2.4.0 — 2.4.15+2

▶NVDopensuse/leap15.0, 15.1+1

Also affects: Debian Linux 9.0, Fedora 29, 30, Ubuntu Linux 16.04, 18.04, 19.04

🔴Vulnerability Details

GHSA

GHSA-mh9j-54rp-3h7j: In Wireshark 3↗2022-05-24

▶

OSV

CVE-2019-13619: In Wireshark 3↗2019-07-17

▶

📋Vendor Advisories

Ubuntu

Wireshark vulnerabilities↗2019-09-16

▶

Red Hat

wireshark: ASN.1 BER dissector crash (wnpa-sec-2019-20)↗2019-07-17

▶

Debian

CVE-2019-13619: wireshark - In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER ...↗2019

▶

💬Community

Bugzilla

CVE-2019-13619 wireshark: AN.1 BER dissector crash (wnpa-sec-2019-20) [fedora-all]↗2019-07-18

▶

Bugzilla

CVE-2019-13619 wireshark: ASN.1 BER dissector crash (wnpa-sec-2019-20)↗2019-07-18

▶