CVE-2019-13619

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
wiresharkwireshark
2.4.0 ≤
𝑥
≤ 2.4.15
wiresharkwireshark
2.6.0 ≤
𝑥
≤ 2.6.9
wiresharkwireshark
3.0.0 ≤
𝑥
≤ 3.0.2
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
debiandebian_linux
9.0
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
wireshark
bullseye
3.4.10-0+deb11u1
fixed
jessie
not-affected
bullseye (security)
3.4.16-0+deb11u1
fixed
bookworm
4.0.11-1~deb12u1
fixed
bookworm (security)
4.0.11-1~deb12u1
fixed
trixie
4.4.0-1
fixed
sid
4.4.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
wireshark
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
Fixed 2.6.10-1~ubuntu19.04.0
released
bionic
Fixed 2.6.10-1~ubuntu18.04.0
released
xenial
Fixed 2.6.10-1~ubuntu16.04.0
released
trusty
Fixed 2.6.10-1~ubuntu14.04.0~esm1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/109293
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7e90aed666e809c0db5de9d1816802a7dcea28d9
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JY52XAC2UNC4X4ZPIXYMK5SVXV2PO5I3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4QVJALLGVVC7MBUT4B4SHQVDXGJKGI7/
https://usn.ubuntu.com/4133-1/
https://www.wireshark.org/security/wnpa-sec-2019-20.html
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00068.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/109293
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15870
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7e90aed666e809c0db5de9d1816802a7dcea28d9
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JY52XAC2UNC4X4ZPIXYMK5SVXV2PO5I3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q4QVJALLGVVC7MBUT4B4SHQVDXGJKGI7/
https://usn.ubuntu.com/4133-1/
https://www.wireshark.org/security/wnpa-sec-2019-20.html