CVE-2019-9209

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

Database specific

{
    "unresolved_ranges": [
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "16.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.04"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "18.10"
                }
            ],
            "cpe": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "8.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "9.0"
                }
            ],
            "cpe": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.0"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "15.1"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"
        },
        {
            "source": "CPE_FIELD",
            "extracted_events": [
                {
                    "last_affected": "42.3"
                }
            ],
            "cpe": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"
        }
    ]
}

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://github.com/wireshark/wireshark

Events

Introduced

9be0fa500da594ed01baf3214642838d22811c90

Last affected

e9b786fee5ec483136065ab180a2b2d9ca74631a

Introduced

c7239f0201292253817c7c4c9a394a47113ca55c

Last affected

df942cd8684d365cca1b006547a4796172480ee8

Database specific

{
    "source": "CPE_FIELD",
    "extracted_events": [
        {
            "introduced": "2.4.0"
        },
        {
            "last_affected": "2.4.12"
        },
        {
            "introduced": "2.6.0"
        },
        {
            "last_affected": "2.6.6"
        }
    ],
    "cpe": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"
}

Affected versions

v2.*

v2.4.0

v2.4.1

v2.4.10

v2.4.10rc0

v2.4.11

v2.4.11rc0

v2.4.12

v2.4.12rc0

v2.4.1rc0

v2.4.2

v2.4.2rc0

v2.4.3

v2.4.3rc0

v2.4.4

v2.4.4rc0

v2.4.5

v2.4.5rc0

v2.4.6

v2.4.6rc0

v2.4.7

v2.4.7rc0

v2.4.8

v2.4.8rc0

v2.4.9

v2.4.9rc0

v2.6.0

v2.6.1

v2.6.1rc0

v2.6.2

v2.6.2rc0

v2.6.3

v2.6.3rc0

v2.6.4

v2.6.4rc0

v2.6.5

v2.6.5rc0

v2.6.6

v2.6.6rc0

wireshark-2.*

wireshark-2.4.0

wireshark-2.4.1

wireshark-2.4.10

wireshark-2.4.11

wireshark-2.4.12

wireshark-2.4.2

wireshark-2.4.3

wireshark-2.4.4

wireshark-2.4.5

wireshark-2.4.6

wireshark-2.4.7

wireshark-2.4.8

wireshark-2.4.9

wireshark-2.6.0

wireshark-2.6.1

wireshark-2.6.2

wireshark-2.6.3

wireshark-2.6.4

wireshark-2.6.5

wireshark-2.6.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-9209.json"