5.5
CVE-2019-5717
- EPSS 1.44%
- Veröffentlicht 08.01.2019 23:29:00
- Zuletzt bearbeitet 21.11.2024 04:45:23
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the P_MUL dissector could crash. This was addressed in epan/dissectors/packet-p_mul.c by rejecting the invalid sequence number of zero.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Debian ≫ Debian Linux Version8.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.44% | 0.697 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/106482
https://lists.debian.org/debian-lts-announce/2019/01/msg00022.html
https://seclists.org/bugtraq/2019/Mar/35
https://www.debian.org/security/2019/dsa-4416
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15337
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=bf9272a92f3df1e4ccfaad434e123222ae5313f7
https://www.wireshark.org/security/wnpa-sec-2019-02.html