Wireshark Multiple Denial of Service Vulnerabilities
BID:106482
CVE-2019-5716 | CVE-2019-5717 | CVE-2019-5718
| Bugtraq ID: | 106482 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2019-5718 CVE-2019-5717 CVE-2019-5716 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 08 2019 12:00AM |
| Updated: | Jan 08 2019 12:00AM |
| Credit: | The vendor reported these issues. |
| Vulnerable: | Wireshark Wireshark 2.6.5, Wireshark Wireshark 2.6.4, Wireshark Wireshark 2.6.3, Wireshark Wireshark 2.6.2, Wireshark Wireshark 2.6.1, Wireshark Wireshark 2.6, Wireshark Wireshark 2.4.11, Wireshark Wireshark 2.4.10, Wireshark Wireshark 2.4.9, Wireshark Wireshark 2.4.8, Wireshark Wireshark 2.4.7, Wireshark Wireshark 2.4.6, Wireshark Wireshark 2.4.5, Wireshark Wireshark 2.4.4, Wireshark Wireshark 2.4.3, Wireshark Wireshark 2.4.1, Wireshark Wireshark 2.4, Wireshark Wireshark 2.4.2 |
| Not Vulnerable: | Wireshark Wireshark 2.6.6, Wireshark Wireshark 2.4.12 |
Discussion
Wireshark is prone to multiple denial-of-service vulnerabilities.
An attacker can exploit these issues by injecting a malformed packet onto the wire or by convincing someone to read a malformed 'pcap' file.
Attackers can exploit these issues to crash the affected application or to consume excess memory, denying service to legitimate users.
Exploit / POC
Sample packet trace files are available in the Wireshark bug reports. Please see the references for more information.
Solution / Fix
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
References:
- Wireshark Homepage (Wireshark)
- Bug 14470 - Crafted CIP packets causes heap-use-after-free (Wireshark)
- Bug 15217 - Buildbot crash output: randpkt-2018-10-18-13414.pcap (Wireshark)
- Bug 15337 - Buildbot crash output: fuzz-2018-12-05-10088.pcap (Wireshark)
- Bug 15373 - Wireshark heap out-of-bounds read in get_t61_string (Wireshark)
- wnpa-sec-2019-01 · 6LoWPAN dissector crash (Wireshark)
- wnpa-sec-2019-02 · P_MUL dissector crash (Wireshark)
- wnpa-sec-2019-03 · RTSE dissector crash (Wireshark)
- wnpa-sec-2019-05 · ENIP dissector crash (Wireshark)