CVE-2019-5718

In Wireshark 2.6.0 to 2.6.5 and 2.4.0 to 2.4.11, the RTSE dissector and other ASN.1 dissectors could crash. This was addressed in epan/charsets.c by adding a gett61string length check.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://github.com/wireshark/wireshark

Events

Introduced

9be0fa500da594ed01baf3214642838d22811c90

Last affected

a6cc2066cf056baae5dbb3b354f2f1f9fd065f0e

Introduced

c7239f0201292253817c7c4c9a394a47113ca55c

Last affected

f766965a0d7d77f6553a9b541d04bbe438fb9399

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.11"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "last_affected": "2.6.5"
        }
    ],
    "cpe": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"
}

Affected versions

v2.*

v2.4.0

v2.4.1

v2.4.10

v2.4.10rc0

v2.4.11

v2.4.11rc0

v2.4.1rc0

v2.4.2

v2.4.2rc0

v2.4.3

v2.4.3rc0

v2.4.4

v2.4.4rc0

v2.4.5

v2.4.5rc0

v2.4.6

v2.4.6rc0

v2.4.7

v2.4.7rc0

v2.4.8

v2.4.8rc0

v2.4.9

v2.4.9rc0

v2.6.0

v2.6.1

v2.6.1rc0

v2.6.2

v2.6.2rc0

v2.6.3

v2.6.3rc0

v2.6.4

v2.6.4rc0

v2.6.5

v2.6.5rc0

wireshark-2.*

wireshark-2.4.0

wireshark-2.4.1

wireshark-2.4.10

wireshark-2.4.11

wireshark-2.4.2

wireshark-2.4.3

wireshark-2.4.4

wireshark-2.4.5

wireshark-2.4.6

wireshark-2.4.7

wireshark-2.4.8

wireshark-2.4.9

wireshark-2.6.0

wireshark-2.6.1

wireshark-2.6.2

wireshark-2.6.3

wireshark-2.6.4

wireshark-2.6.5

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5718.json"