CVE-2019-12295

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 23-05-2019 02:29

Last modified: - 03-05-2022 04:27

Total changes: - 3

Description

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

vendor=wireshark AND product=wireshark AND versionEndIncluding=2.6.8 AND versionStartIncluding=2.6.0

vendor=wireshark AND product=wireshark AND versionEndIncluding=3.0.1 AND versionStartIncluding=3.0.0

vendor=wireshark AND product=wireshark AND versionEndIncluding=2.4.14 AND versionStartIncluding=2.4.0

vendor=Debian AND product=debian_linux AND version=9.0

vendor=canonical AND product=ubuntu_linux AND version=16.04 AND software_edition=esm

vendor=canonical AND product=ubuntu_linux AND version=18.04 AND software_edition=lts

vendor=canonical AND product=ubuntu_linux AND version=19.04

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_access_policy_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_access_policy_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_access_policy_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_access_policy_manager AND version=15.1.0

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_advanced_firewall_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_advanced_firewall_manager AND version=15.1.0

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_analytics AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_analytics AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_analytics AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_analytics AND version=15.1.0

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_application_acceleration_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_application_acceleration_manager AND version=15.1.0

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_application_security_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_application_security_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_application_security_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_application_security_manager AND version=15.1.0

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_domain_name_system AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_domain_name_system AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_domain_name_system AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_domain_name_system AND version=15.1.0

vendor=f5 AND product=big-ip_edge_gateway AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_edge_gateway AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_edge_gateway AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_edge_gateway AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2

vendor=f5 AND product=big-ip_edge_gateway AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_edge_gateway AND version=15.1.0

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_fraud_protection_service AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_fraud_protection_service AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2

vendor=f5 AND product=big-ip_fraud_protection_service AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_fraud_protection_service AND version=15.1.0

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_global_traffic_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_global_traffic_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_global_traffic_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_global_traffic_manager AND version=15.1.0

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_link_controller AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_link_controller AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_link_controller AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_link_controller AND version=15.1.0

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_local_traffic_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_local_traffic_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_local_traffic_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_local_traffic_manager AND version=15.1.0

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_policy_enforcement_manager AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_policy_enforcement_manager AND version=15.1.0

vendor=f5 AND product=big-ip_webaccelerator AND versionStartIncluding=12.1.3.6 AND versionEndExcluding=12.1.5.3

vendor=f5 AND product=big-ip_webaccelerator AND versionStartIncluding=13.1.1.2 AND versionEndExcluding=13.1.3.5

vendor=f5 AND product=big-ip_webaccelerator AND versionEndIncluding=14.0.1 AND versionStartIncluding=14.0.0.3

vendor=f5 AND product=big-ip_webaccelerator AND versionStartIncluding=14.1.0 AND versionEndExcluding=14.1.2.8

vendor=f5 AND product=big-ip_webaccelerator AND versionEndIncluding=15.0.1 AND versionStartIncluding=15.0.0

vendor=f5 AND product=big-ip_webaccelerator AND version=15.1.0

Reference

https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778
108464-Broken Link
https://support.f5.com/csp/article/K06725231
USN-4133-1-Third Party Advisory
https://support.f5.com/csp/article/K06725231?utm_source=f5support&amp;utm_medium=RSS
[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update-Mailing List, Third Party Advisory

Keywords

CVE-2019-12295

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-12295

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures