5.5

CVE-2019-5721

Exploit
In Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
WiresharkWireshark Version >= 2.4.0 <= 2.4.11
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.95% 0.565
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.5 1.8 3.6
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14470
Vendor Advisory
Exploit
Issue Tracking
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe
https://www.wireshark.org/security/wnpa-sec-2019-05.html
Vendor Advisory