7.5
CVE-2019-10894
- EPSS 5.59%
- Veröffentlicht 09.04.2019 04:29:00
- Zuletzt bearbeitet 21.11.2024 04:20:04
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version29
Fedoraproject ≫ Fedora Version30
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
Canonical ≫ Ubuntu Linux Version16.04 SwEditionesm
Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts
Canonical ≫ Ubuntu Linux Version18.10
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.59% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-617 Reachable Assertion
The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
https://usn.ubuntu.com/3986-1/
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00022.html
http://www.securityfocus.com/bid/107834
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15613
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=b20e5d8aae2580e29c83ddaf0b6b2e640603e4aa
https://lists.debian.org/debian-lts-announce/2019/05/msg00034.html
https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4LYIOOQIMFQ3PA7AFBK4DNXHISTEYUC5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU3QA2DUO3XS24QE24CQRP4A4XQQY76R/
https://www.wireshark.org/security/wnpa-sec-2019-14.html