CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 1CVE-2019-9209
https://notcve.org/view.php?id=CVE-2019-9209
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. En Wireshark, desde la versión 2.4.0 hasta la 2.4.12 y desde la 2.6.0 hasta la 2.6.6, el disector ASN.1 BER y relacionados podrían cerrarse inesperadamente. Esto se abordó en epan/dissectors/packet-ber.c, previniendo un desbordamiento de búfer asociado con dígitos excesivos en los valores de tiempo. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107203 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f8fbe9f934d65b2694fa74622e5eb2e1dc8cd20b https://lists.debian.org/debian-lts-announce/2019/03/msg00031.html https:/ • CWE-193: Off-by-one Error CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9214
https://notcve.org/view.php?id=CVE-2019-9214
In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation. En Wireshark, desde la versión 2.4.0 hasta la 2.4.12 y desde la 2.60 hasta la 2.6.6, el disector RPCAP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-rpcap.c evitando un intento de desreferencia de una conversación NULL. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/107203 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15536 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=c557bb0910be271e49563756411a690a1bc53ce5 https://seclists.org/bugtraq/2019/Mar/35 https://usn.ubuntu.com/3986- • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-5721
https://notcve.org/view.php?id=CVE-2019-5721
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided. En Wireshark, desde la versión 2.4.0 hasta la 2.4.11, el disector ENIP podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-enip.c, cambiando el enfoque de gestión de memoria para evitar el uso de memoria previamente liberada. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe https://www.wireshark.org/security/wnpa-sec-2019-05.html • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 1CVE-2019-5716
https://notcve.org/view.php?id=CVE-2019-5716
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation. En Wireshark desde la versión 2.6.0 hasta la 2.6.5, el disector 6LoWPAN podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-6lowpan.c, evitando el uso de un TVB antes de su creación. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/106482 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=2b2eea1793dbff813896e1ae9dff1bedb39ee010 https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html https://seclists.org/bugtraq/2019/Mar/35 https://www.debian.org/security/2019/dsa-4416 https://www.wireshark.org/security/wnpa-sec-2019-01.html • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-5717
https://notcve.org/view.php?id=CVE-2019-5717
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero. En Wireshark, desde la versión 2.6.0 hasta la 2.6.5 y desde la 2.4.0 hasta la 2.4.11, el disector P_MUL podría cerrarse inesperadamente. Esto se trató en epan/dissectors/packet-p_mul.c, rechazando el número de secuencia de cero no válido. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html http://www.securityfocus.com/bid/106482 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337 https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=bf9272a92f3df1e4ccfaad434e123222ae5313f7 https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html https://seclists.org/bugtraq/2019/Mar/35 https://www.debian.org/security/2019/dsa-4416 https://www.wireshark.org/security/wnpa-sec-2019-02.html • CWE-20: Improper Input Validation •