rpm package
opensuse/wireshark&distro=openSUSE Leap 15.0
pkg:rpm/opensuse/wireshark&distro=openSUSE%20Leap%2015.0
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-13619 | — | < 2.4.16-lp151.2.6.1 | 2.4.16-lp151.2.6.1 | Jul 17, 2019 | In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments. | ||
| CVE-2019-10903 | — | < 2.4.14-lp150.2.26.3 | 2.4.14-lp150.2.26.3 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check. | ||
| CVE-2019-10901 | — | < 2.4.14-lp150.2.26.3 | 2.4.14-lp150.2.26.3 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly. | ||
| CVE-2019-10899 | — | < 2.4.14-lp150.2.26.3 | 2.4.14-lp150.2.26.3 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. | ||
| CVE-2019-10896 | — | < 2.4.14-lp150.2.26.3 | 2.4.14-lp150.2.26.3 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | ||
| CVE-2019-10895 | — | < 2.4.14-lp150.2.26.3 | 2.4.14-lp150.2.26.3 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. | ||
| CVE-2019-10894 | — | < 2.4.14-lp150.2.26.3 | 2.4.14-lp150.2.26.3 | Apr 9, 2019 | In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. | ||
| CVE-2019-9214 | — | < 2.4.13-lp150.2.23.1 | 2.4.13-lp150.2.23.1 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. | ||
| CVE-2019-9209 | — | < 2.4.13-lp150.2.23.1 | 2.4.13-lp150.2.23.1 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. | ||
| CVE-2019-9208 | — | < 2.4.13-lp150.2.23.1 | 2.4.13-lp150.2.23.1 | Feb 28, 2019 | In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. | ||
| CVE-2019-5721 | — | < 2.4.12-lp150.2.19.1 | 2.4.12-lp150.2.19.1 | Jan 8, 2019 | In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. | ||
| CVE-2019-5719 | — | < 2.4.12-lp150.2.19.1 | 2.4.12-lp150.2.19.1 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block. | ||
| CVE-2019-5718 | — | < 2.4.12-lp150.2.19.1 | 2.4.12-lp150.2.19.1 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check. | ||
| CVE-2019-5717 | — | < 2.4.12-lp150.2.19.1 | 2.4.12-lp150.2.19.1 | Jan 8, 2019 | In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. |
- CVE-2019-13619Jul 17, 2019affected < 2.4.16-lp151.2.6.1fixed 2.4.16-lp151.2.6.1
In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
- CVE-2019-10903Apr 9, 2019affected < 2.4.14-lp150.2.26.3fixed 2.4.14-lp150.2.26.3
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DCERPC SPOOLSS dissector could crash. This was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
- CVE-2019-10901Apr 9, 2019affected < 2.4.14-lp150.2.26.3fixed 2.4.14-lp150.2.26.3
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by handling file digests properly.
- CVE-2019-10899Apr 9, 2019affected < 2.4.14-lp150.2.26.3fixed 2.4.14-lp150.2.26.3
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.
- CVE-2019-10896Apr 9, 2019affected < 2.4.14-lp150.2.26.3fixed 2.4.14-lp150.2.26.3
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes.
- CVE-2019-10895Apr 9, 2019affected < 2.4.14-lp150.2.26.3fixed 2.4.14-lp150.2.26.3
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
- CVE-2019-10894Apr 9, 2019affected < 2.4.14-lp150.2.26.3fixed 2.4.14-lp150.2.26.3
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
- CVE-2019-9214Feb 28, 2019affected < 2.4.13-lp150.2.23.1fixed 2.4.13-lp150.2.23.1
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.
- CVE-2019-9209Feb 28, 2019affected < 2.4.13-lp150.2.23.1fixed 2.4.13-lp150.2.23.1
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.
- CVE-2019-9208Feb 28, 2019affected < 2.4.13-lp150.2.23.1fixed 2.4.13-lp150.2.23.1
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences.
- CVE-2019-5721Jan 8, 2019affected < 2.4.12-lp150.2.19.1fixed 2.4.12-lp150.2.19.1
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
- CVE-2019-5719Jan 8, 2019affected < 2.4.12-lp150.2.19.1fixed 2.4.12-lp150.2.19.1
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the ISAKMP dissector could crash. This was addressed in epan/dissectors/packet-isakmp.c by properly handling the case of a missing decryption data block.
- CVE-2019-5718Jan 8, 2019affected < 2.4.12-lp150.2.19.1fixed 2.4.12-lp150.2.19.1
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a get_t61_string length check.
- CVE-2019-5717Jan 8, 2019affected < 2.4.12-lp150.2.19.1fixed 2.4.12-lp150.2.19.1
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.