Debian Wireshark vulnerabilities

694 known vulnerabilities affecting debian/wireshark.

Total CVEs: 694
CISA KEV: 0
Public exploits: 55
Exploited in wild: 0
Severity breakdown: CRITICAL 8, HIGH 129, MEDIUM 276, LOW 281

Vulnerabilities

Page 7 of 35
CVE-2019-5716 | LOW | CVSS 5.5 | fixed in wireshark 2.6.6-1 (bookworm) | 2019
CVE-2019-5716 [MEDIUM] wireshark - In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
Scope: local
bookworm: resolved (fixed in 2.6.6-1); bullseye: resolved (fixed in 2.6.6-1); forky: resolved (fixed in 2.6.6-1); sid: resolved (fixed in 2.6.6-1); trixie: resolved (fixed in 2.6.6-1)
debian
CVE-2019-10902 | LOW | CVSS 7.5 | 2019
CVE-2019-10902 [HIGH] wireshark - In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-10898 | LOW | CVSS 7.5 | 2019
CVE-2019-10898 [HIGH] wireshark - In Wireshark 3.0.0, the GSUP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gsm_gsup.c by rejecting an invalid Information Element length.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-10903 | LOW | CVSS 7.5 | fixed in wireshark 2.6.8-1 (bookworm) | 2019
CVE-2019-10903 [HIGH] wireshark - In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
Scope: local
bookworm: resolved (fixed in 2.6.8-1); bullseye: resolved (fixed in 2.6.8-1); forky: resolved (fixed in 2.6.8-1); sid: resolved (fixed in 2.6.8-1); trixie: resolved (fi
debian
CVE-2019-5719 | LOW | CVSS 5.5 | fixed in wireshark 2.6.6-1 (bookworm) | 2019
CVE-2019-5719 [MEDIUM] wireshark - In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
Scope: local
bookworm: resolved (fixed in 2.6.6-1); bullseye: resolved (fixed in 2.6.6-1); forky: resolved (fixed in 2.6.6-1); sid: resolved (fixed in 2.6.6-1); trixie
debian
CVE-2019-19553 | LOW | CVSS 7.5 | fixed in wireshark 3.0.7-1 (bookworm) | 2019
CVE-2019-19553 [HIGH] wireshark - In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
Scope: local
bookworm: resolved (fixed in 3.0.7-1); bullseye: resolved (fixed in 3.0.7-1); forky: resolved (fixed in 3.0.7-1); sid: res
debian
CVE-2019-12295 | LOW | CVSS 7.5 | fixed in wireshark 2.6.8-1.1 (bookworm) | 2019
CVE-2019-12295 [HIGH] wireshark - In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
Scope: local
bookworm: resolved (fixed in 2.6.8-1.1); bullseye: resolved (fixed in 2.6.8-1.1); forky: resolved (fixed in 2.6.8-1.1); sid: resolved (fixed in 2.
debian
CVE-2019-16319 | LOW | CVSS 7.5 | fixed in wireshark 3.0.4-1 (bookworm) | 2019
CVE-2019-16319 [HIGH] wireshark - In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.
Scope: local
bookworm: resolved (fixed in 3.0.4-1); bullseye: resolved (fixed in 3.0.4-1); forky: resolved (fixed in 3.0.4-1); sid: resolved (fixed in 3.0.4-1); trix
debian
CVE-2019-10899 | LOW | CVSS 7.5 | fixed in wireshark 2.6.8-1 (bookworm) | 2019
CVE-2019-10899 [HIGH] wireshark - In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
Scope: local
bookworm: resolved (fixed in 2.6.8-1); bullseye: resolved (fixed in 2.6.8-1); forky: resolved (fixed in 2.6.8-1); sid: resolved (fixed in 2.6.8-1); trixie: resolved (
debian
CVE-2019-10900 | LOW | CVSS 7.5 | 2019
CVE-2019-10900 [HIGH] wireshark - In Wireshark 3.0.0, the Rbm dissector could go into an infinite loop. This was addressed in epan/dissectors/file-rbm.c by handling unknown object types safely.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-5718 | LOW | CVSS 5.5 | fixed in wireshark 2.6.6-1 (bookworm) | 2019
CVE-2019-5718 [MEDIUM] wireshark - In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
Scope: local
bookworm: resolved (fixed in 2.6.6-1); bullseye: resolved (fixed in 2.6.6-1); forky: resolved (fixed in 2.6.6-1); sid: resolved (fixed in 2.6.6-1); trixie: resolved (fixe
debian
CVE-2019-10895 | LOW | CVSS 7.5 | fixed in wireshark 2.6.8-1 (bookworm) | 2019
CVE-2019-10895 [HIGH] wireshark - In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
Scope: local
bookworm: resolved (fixed in 2.6.8-1); bullseye: resolved (fixed in 2.6.8-1); forky: resolved (fixed in 2.6.8-1); sid: resolved (fixed in 2.6.8-1); trixie: resolved (fixed in 2.6.8-1)
debian
CVE-2019-10897 | LOW | CVSS 7.5 | 2019
CVE-2019-10897 [HIGH] wireshark - In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.
Scope: local
bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-13619 | LOW | CVSS 7.5 | fixed in wireshark 2.6.10-1 (bookworm) | 2019
CVE-2019-13619 [HIGH] wireshark - In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
Scope: local
bookworm: resolved (fixed in 2.6.10-1); bullseye: resolved (fixed in 2.6.10-1); forky: resolved (fixed in 2.6.10-1); sid: resolved (fixed in 2.6.10-1); tr
debian
CVE-2019-10901 | LOW | CVSS 7.5 | fixed in wireshark 2.6.8-1 (bookworm) | 2019
CVE-2019-10901 [HIGH] wireshark - In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
Scope: local
bookworm: resolved (fixed in 2.6.8-1); bullseye: resolved (fixed in 2.6.8-1); forky: resolved (fixed in 2.6.8-1); sid: resolved (fixed in 2.6.8-1); trixie: resolved (fixed in 2.6.8-
debian
CVE-2019-5717 | LOW | CVSS 5.5 | fixed in wireshark 2.6.6-1 (bookworm) | 2019
CVE-2019-5717 [MEDIUM] wireshark - In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
Scope: local
bookworm: resolved (fixed in 2.6.6-1); bullseye: resolved (fixed in 2.6.6-1); forky: resolved (fixed in 2.6.6-1); sid: resolved (fixed in 2.6.6-1); trixie: resolved (fixed
debian
CVE-2019-10894 | LOW | CVSS 7.5 | fixed in wireshark 2.6.8-1 (bookworm) | 2019
CVE-2019-10894 [HIGH] wireshark - In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
Scope: local
bookworm: resolved (fixed in 2.6.8-1); bullseye: resolved (fixed in 2.6.8-1); forky: resolved (fixed in 2.6.8-1); sid: resolved (fixed in 2.6.8-1); trixie: resolved
debian
CVE-2018-14367 | HIGH | CVSS 7.5 | fixed in wireshark 2.6.2-1 (bookworm) | 2018
CVE-2018-14367 [HIGH] wireshark - In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.
Scope: local
bookworm: resolved (fixed in 2.6.2-1); bullseye: resolved (fixed in 2.6.2-1); forky: resolved (fixed in 2.6.2-1); sid: resolved (fixed in 2.6.2-1); trixie: resolved (fixed i
debian
CVE-2018-18225 | HIGH | CVSS 7.5 | fixed in wireshark 2.6.4-1 (bookworm) | 2018
CVE-2018-18225 [HIGH] wireshark - In Wireshark 2.6.0 to 2.6.3, the CoAP dissector could crash. This was addressed in epan/dissectors/packet-coap.c by ensuring that the piv length is correctly computed.
Scope: local
bookworm: resolved (fixed in 2.6.4-1); bullseye: resolved (fixed in 2.6.4-1); forky: resolved (fixed in 2.6.4-1); sid: resolved (fixed in 2.6.4-1); trixie: resolved (fixed in 2.6.4-1)
debian
CVE-2018-19628 | HIGH | CVSS 7.5 | fixed in wireshark 2.6.5-1 (bookworm) | 2018
CVE-2018-19628 [HIGH] wireshark - In Wireshark 2.6.0 to 2.6.4, the ZigBee ZCL dissector could crash. This was addressed in epan/dissectors/packet-zbee-zcl-lighting.c by preventing a divide-by-zero error.
Scope: local
bookworm: resolved (fixed in 2.6.5-1); bullseye: resolved (fixed in 2.6.5-1); forky: resolved (fixed in 2.6.5-1); sid: resolved (fixed in 2.6.5-1); trixie: resolved (fixed in 2.6.5-1)
debian