CVE-2019-13619

Published: 17 July 2019

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.

From the Ubuntu security team

It was discovered that Wireshark improperly handled certain input. A remote or local attacker could cause Wireshark to crash by injecting malformed packets onto the wire or convincing someone to read a malformed packet trace file.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: wireshark (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Released (2.6.10-1)
Ubuntu 21.10 (Impish Indri)        Not vulnerable (3.0.3-1)
Ubuntu 21.04 (Hirsute Hippo)       Not vulnerable (3.0.3-1)
Ubuntu 20.04 LTS (Focal Fossa)     Not vulnerable (3.0.3-1)
Ubuntu 18.04 LTS (Bionic Beaver)   Released (2.6.10-1~ubuntu18.04.0)
Ubuntu 16.04 ESM (Xenial Xerus)    Released (2.6.10-1~ubuntu16.04.0)
Ubuntu 14.04 ESM (Trusty Tahr)     Needed