CVE-2019-19553
First published: Thu Dec 05 2019(Updated: )
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Wireshark Wireshark | >=2.6.0<=2.6.12 | |
| Wireshark Wireshark | >=3.0.0<=3.0.6 | |
| openSUSE Leap | =15.1 | |
| Oracle Solaris | =11 | |
| Oracle ZFS Storage Appliance | =8.8 | |
| Debian Debian Linux | =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
- https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961
- https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
- https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.wireshark.org/security/wnpa-sec-2019-22.html
- https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=34d2e0d5318d0a7e9889498c721639e5cbf4ce45
Frequently Asked Questions
What is the vulnerability ID for this Wireshark vulnerability?
The vulnerability ID for this Wireshark vulnerability is CVE-2019-19553.
Which versions of Wireshark are affected by this vulnerability?
Wireshark versions 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12 are affected by this vulnerability.
How does the vulnerability manifest?
The vulnerability manifests as a crash in the CMS dissector in Wireshark.
What is the severity of CVE-2019-19553?
The severity of CVE-2019-19553 is high with a CVSS score of 7.5.
How was the vulnerability addressed?
The vulnerability was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/remedy
- agent/tags
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/wireshark
- canonical/wireshark wireshark
- version/wireshark wireshark/2.6.0
- version/wireshark wireshark/2.6.12
- version/wireshark wireshark/3.0.0
- version/wireshark wireshark/3.0.6
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/15.1
- vendor/oracle
- canonical/oracle solaris
- version/oracle solaris/11
- canonical/oracle zfs storage appliance
- version/oracle zfs storage appliance/8.8
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0