CVE-2019-5716 — Improper Input Validation in Wireshark

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 49.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedJan 8

Latest updateMay 13

Description

In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.6.6-1 (bookworm)

▶Debianwireshark/wireshark< 2.6.6-1+3

▶NVDwireshark/wireshark2.6.0 — 2.6.5

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

GHSA

GHSA-4jgf-699w-j7rm: In Wireshark 2↗2022-05-13

▶

OSV

CVE-2019-5716: In Wireshark 2↗2019-01-08

▶

📋Vendor Advisories

Red Hat

wireshark: reachable assertion in fast_ensure_contiguous() from 6LoWPAN dissector↗2019-01-08

▶

Debian

CVE-2019-5716: wireshark - In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was address...↗2019

▶

💬Community

Bugzilla

CVE-2019-5716 wireshark: 6LoWPAN dissector crash in epan/dissectors/packet-6lowpan.c [fedora-all]↗2019-01-18

▶

Bugzilla

CVE-2019-5716 wireshark: reachable assertion in fast_ensure_contiguous() from 6LoWPAN dissector↗2019-01-18

▶