CVE-2019-10895

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the NetScaler file parser could crash. This was addressed in wiretap/netscaler.c by improving data validation.
References
Link Resource
https://www.wireshark.org/security/wnpa-sec-2019-09.html Vendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cab0cff6abdd7a5b5b0bfa4ee204eea951e129e9 Patch Vendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=38680c4c69f9f4e0f39e29b66fe2b02d88eb629d Patch Vendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2fbbde780e5d5d82e31dca656217daf278cf62bb Patch Vendor Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15497 Exploit Issue Tracking Patch Vendor Advisory
http://www.securityfocus.com/bid/107834 VDB Entry Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/ Mailing List Release Notes Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/ Mailing List Release Notes Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html Mailing List Third Party Advisory
https://usn.ubuntu.com/3986-1/ Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html Mailing List Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*

Information

Published : 2019-04-08 21:29

Updated : 2022-05-03 07:50


NVD link : CVE-2019-10895

Mitre link : CVE-2019-10895


JSON object : View

CWE
CWE-125

Out-of-bounds Read

Advertisement

dedicated server usa

Products Affected

wireshark

  • wireshark

fedoraproject

  • fedora

canonical

  • ubuntu_linux

opensuse

  • leap

debian

  • debian_linux