CVE-2019-10902 : In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/

In Wireshark 3.0.0, the TSDNS dissector could crash. This was addressed in epan/dissectors/packet-tsdns.c by splitting strings safely.

Published 2019-04-09 04:29:02

Updated 2020-08-24 17:37:01

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2019-10902

Wireshark » Wireshark » Version: 3.0.0
cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 29
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
Matching versions
Fedoraproject » Fedora » Version: 30
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

0.31%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 52 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial
7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

CWE-252 Unchecked Return Value

The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.

Assigned by: nvd@nist.gov (Primary)

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15619

15619 – Wireshark SIGSEGV due to use of uninitialized memory in ws_basestrtou64 (called by dissect_tsdns)
Exploit;Issue Tracking;Patch;Vendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html

[security-announce] openSUSE-SU-2020:0362-1: moderate: Security update f

CVEs referencing this url
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=95571f17d5e2de39735e62e5251583f930c06d51

code.wireshark Code Review - wireshark.git/commit
Patch;Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2019-16.html

Wireshark · wnpa-sec-2019-16 · TSDNS dissector crash
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/

[SECURITY] Fedora 30 Update: wireshark-3.0.1-1.fc30 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url
http://www.securityfocus.com/bid/107836

Wireshark Multiple Denial of Service Vulnerabilities
Third Party Advisory;VDB Entry

CVEs referencing this url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/

[SECURITY] Fedora 29 Update: wireshark-3.0.1-1.fc29 - package-announce - Fedora Mailing-Lists
Mailing List;Third Party Advisory

CVEs referencing this url

Jump to