Vulnerability Details : CVE-2019-5716
Potential exploit
In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. This was addressed in epan/dissectors/packet-6lowpan.c by avoiding use of a TVB before its creation.
Vulnerability category: Input validation
Products affected by CVE-2019-5716
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-5716
- 0.28%: Probability of exploitation activity in the next 30 days
- ~68%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-5716
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P | 8.6 | 2.9 | NIST | |
5.5 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | |
CWE ids for CVE-2019-5716
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-5716
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
  [security-announce] openSUSE-SU-2020:0362-1: moderate: Security update f
- https://www.wireshark.org/security/wnpa-sec-2019-01.html
  Wireshark · wnpa-sec-2019-01 · 6LoWPAN dissector crash (Vendor Advisory)
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15217
  15217 – Buildbot crash output: randpkt-2018-10-18-13414.pcap (Exploit; Issue Tracking; Vendor Advisory)
- http://www.securityfocus.com/bid/106482
  Wireshark Multiple Denial of Service Vulnerabilities (Third Party Advisory; VDB Entry)
- https://www.debian.org/security/2019/dsa-4416
  Debian -- Security Information -- DSA-4416-1 wireshark (Third Party Advisory)
- https://seclists.org/bugtraq/2019/Mar/35
  Bugtraq: [SECURITY] [DSA 4416-1] wireshark security update (Mailing List; Third Party Advisory)
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b2eea1793dbff813896e1ae9dff1bedb39ee010
  code.wireshark Code Review - wireshark.git/commit (Patch; Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html
  [SECURITY] [DLA 1645-1] wireshark security update (Mailing List; Third Party Advisory)