CVE-2019-5718 — Out-of-bounds Read in Wireshark

CWE-125 — Out-of-bounds Read7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.3%

top 49.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark Debian Linux

Timeline

PublishedJan 8

Latest updateMay 13

Description

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.6.6-1 (bookworm)

▶Debianwireshark/wireshark< 2.6.6-1+3

▶NVDwireshark/wireshark2.4.0 — 2.4.11+1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-vmh9-7r5j-qv6q: In Wireshark 2↗2022-05-13

▶

OSV

CVE-2019-5718: In Wireshark 2↗2019-01-08

▶

📋Vendor Advisories

Red Hat

wireshark: out-of-bounds read in get_t61_string() in epan/charsets.c↗2019-01-08

▶

Debian

CVE-2019-5718: wireshark - In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other AS...↗2019

▶

💬Community

Bugzilla

CVE-2019-5718 wireshark: out-of-bounds read in get_t61_string() in epan/charsets.c [fedora-all]↗2019-01-18

▶

Bugzilla

CVE-2019-5718 wireshark: out-of-bounds read in get_t61_string() in epan/charsets.c↗2019-01-18

▶