CVE-2019-10894

In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the GSS-API dissector could crash. This was addressed in epan/dissectors/packet-gssapi.c by ensuring that a valid dissector is called.

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Last affected

937e33de60bcfcd6f68e7250e5e6914ae1d1e1e4

Introduced

9be0fa500da594ed01baf3214642838d22811c90

Last affected

f2c6a94a3fc6ec96b09a502d3a2b05f6192dfb8e

Introduced

c7239f0201292253817c7c4c9a394a47113ca55c

Last affected

fc8dbae084bb9c6efcc3df68f2be247a3b574492

Affected versions

v2.*

v2.4.0

v2.4.1

v2.4.10

v2.4.10rc0

v2.4.11

v2.4.11rc0

v2.4.12

v2.4.12rc0

v2.4.13

v2.4.13rc0

v2.4.1rc0

v2.4.2

v2.4.2rc0

v2.4.3

v2.4.3rc0

v2.4.4

v2.4.4rc0

v2.4.5

v2.4.5rc0

v2.4.6

v2.4.6rc0

v2.4.7

v2.4.7rc0

v2.4.8

v2.4.8rc0

v2.4.9

v2.4.9rc0

v2.6.0

v2.6.1

v2.6.1rc0

v2.6.2

v2.6.2rc0

v2.6.3

v2.6.3rc0

v2.6.4

v2.6.4rc0

v2.6.5

v2.6.5rc0

v2.6.6

v2.6.6rc0

v2.6.7

v2.6.7rc0

wireshark-2.*

wireshark-2.4.0

wireshark-2.4.1

wireshark-2.4.10

wireshark-2.4.11

wireshark-2.4.12

wireshark-2.4.13

wireshark-2.4.2

wireshark-2.4.3

wireshark-2.4.4

wireshark-2.4.5

wireshark-2.4.6

wireshark-2.4.7

wireshark-2.4.8

wireshark-2.4.9

wireshark-2.6.0

wireshark-2.6.1

wireshark-2.6.2

wireshark-2.6.3

wireshark-2.6.4

wireshark-2.6.5

wireshark-2.6.6

wireshark-2.6.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10894.json"