CVE-2019-5717Improper Input Validation in Wireshark

CWE-20Improper Input ValidationCWE-476NULL Pointer Dereference7 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.3%
top 49.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
WiresharkDebian WiresharkDebian Linux
Timeline
PublishedJan 8
Latest updateMay 13

Description

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/wireshark< wireshark 2.6.6-1 (bookworm)
Debianwireshark/wireshark< 2.6.6-1+3
NVDwireshark/wireshark2.4.02.4.11+1

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

2
GHSA
GHSA-3m9m-hq7w-gxvp: In Wireshark 22022-05-13
OSV
CVE-2019-5717: In Wireshark 22019-01-08

📋Vendor Advisories

2
Red Hat
wireshark: P_MUL dissector crash in epan/dissectors/packet-p_mul.c2019-01-08
Debian
CVE-2019-5717: wireshark - In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash...2019

💬Community

2
Bugzilla
CVE-2019-5717 wireshark: P_MUL dissector crash in epan/dissectors/packet-p_mul.c [fedora-all]2019-01-18
Bugzilla
CVE-2019-5717 wireshark: P_MUL dissector crash in epan/dissectors/packet-p_mul.c2019-01-18