CVE-2019-12295

Name
CVE-2019-12295
Description
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
NVD Severity
medium

References

Type | URI
Vendor Advisory | https://www.wireshark.org/security/wnpa-sec-2019-19.html
Patch | https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
Issue Tracking | https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
BID | http://www.securityfocus.com/bid/108464
CONFIRM | https://support.f5.com/csp/article/K06725231
UBUNTU | https://usn.ubuntu.com/4133-1/
CONFIRM | https://support.f5.com/csp/article/K06725231?utm_source=f5support&utm_medium=RSS
MLIST | https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* | wireshark | >= 2.6.0 | <= 2.6.8
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* | wireshark | >= 3.0.0 | <= 3.0.1
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:* | wireshark | >= 2.4.0 | <= 2.4.14

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status