Vulnerability CVE-2019-10899: Information

Description

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the SRVLOC dissector could crash. This was addressed in epan/dissectors/packet-srvloc.c by preventing a heap-based buffer under-read.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-10899
Published: April 9, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-125

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
wiresharksisyphus2.5.1-alt1.S14.2.5-alt1ALT-PU-2018-1549-1203426Fixed
wiresharkp102.5.1-alt1.S14.0.11-alt1ALT-PU-2018-1549-1203426Fixed
wiresharkp92.5.1-alt1.S14.0.8-alt1ALT-PU-2018-1549-1203426Fixed
wiresharkp82.6.9-alt13.0.6-alt1ALT-PU-2019-1993-1231325Fixed
wiresharkc10f12.5.1-alt1.S14.0.11-alt1ALT-PU-2018-1549-1203426Fixed
wiresharkc9f22.5.1-alt1.S14.0.11-alt1ALT-PU-2018-1549-1203426Fixed
wiresharkp112.5.1-alt1.S14.2.5-alt1ALT-PU-2018-1549-1203426Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.wireshark.org/security/wnpa-sec-2019-10.html
  • Release Notes
  • Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15546
  • Exploit
  • Issue Tracking
  • Patch
  • Vendor Advisory
107834
  • Third Party Advisory
  • VDB Entry
openSUSE-SU-2019:1356
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2019:1390
  • Mailing List
  • Third Party Advisory
USN-3986-1
  • Third Party Advisory
[debian-lts-announce] 20190525 [SECURITY] [DLA 1802-1] wireshark security update
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:0362
  • Mailing List
  • Third Party Advisory
[debian-lts-announce] 20201031 [SECURITY] [DLA 2423-1] wireshark security update
  • Mailing List
  • Third Party Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b16fea2f175a3297edac118c8844c7987d31c1cb
    FEDORA-2019-aef1dac6a0
      FEDORA-2019-77b2d840ef

          1. Configuration 1

            cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
            cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
            Start including
            2.6.0
            End including
            2.6.7
            cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
            Start including
            2.4.0
            End including
            2.4.13

            Configuration 2

            cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

            Configuration 3

            cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
            cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

            Configuration 4

            cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
            cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
            cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

            Configuration 5

            cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
            cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
            cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top