CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-10899
https://notcve.org/view.php?id=CVE-2019-10899
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector SRVLOC podría fallar. Esto se abordó en epan/disectors/packet-srvloc.c evitando una lectura insuficiente del búfer basado en pilas. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b16fea2f175a3297edac118c8844c7987d31c1cb https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 12EXPL: 1CVE-2019-10896
https://notcve.org/view.php?id=CVE-2019-10896
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector DOF podría fallar. Esto fue tratado en epan/disectores/packet-dof.c manejando adecuadamente los bytes IID y OID generados. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15617 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=441b6d9071d6341e58dfe10719375489c5b8e3f0 https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html https:/ • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-10895
https://notcve.org/view.php?id=CVE-2019-10895
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el analizador de archivos de NetScaler puede fallar. Esto se abordó en wiretap/netscaler.c mejorando la validación de los datos. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2fbbde780e5d5d82e31dca656217daf278cf62bb https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=38680c4c6 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1CVE-2019-10894
https://notcve.org/view.php?id=CVE-2019-10894
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called. En Wireshark 2.4.0 a 2.4.13, 2.6.0 a 2.6.7 y 3.0.0, el disector GSS-API puede fallar. Esto fue tratado en epan/disectors/packet-gssapi.c asegurándose de que llama a un disector válido. • http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107834 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html https:/ • CWE-617: Reachable Assertion •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-9208
https://notcve.org/view.php?id=CVE-2019-9208
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the TCAP dissector could crash. This was addressed in epan/dissectors/asn1/tcap/tcap.cnf by avoiding NULL pointer dereferences. En Wireshark, desde la versión 2.4.0 hasta la 2.4.12 y desde la 2.60 hasta la 2.6.6, el disector TCAP podría cerrarse inesperadamente. Esto se abordó en epan/dissectors/asn1/tcap/tcap.cn evitando desreferencias de puntero NULL. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107203 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15464 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=3d1b8004ed3a07422ca5d4e4ee8097150b934fd2 https://seclists.org/bugtraq/2019/Mar/35 https://usn.ubuntu.com/3986- • CWE-476: NULL Pointer Dereference •