CVE-2019-12295

Published: 23 May 2019

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

From the Ubuntu security team

It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

Priority

Low

CVSS 3 base score: 7.5

Status

Package: wireshark (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (2.6.8-1.1)
Ubuntu 21.10 (Impish Indri): Not vulnerable (3.0.3-1)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (3.0.3-1)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (3.0.3-1)
Ubuntu 18.04 LTS (Bionic Beaver): Released (2.6.10-1~ubuntu18.04.0)
Ubuntu 16.04 ESM (Xenial Xerus): Released (2.6.10-1~ubuntu16.04.0)
Ubuntu 14.04 ESM (Trusty Tahr): Needed