Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Debian: DLA-1802-1 Moderate: Multiple Wireshark DoS Vulnerabilities

debian lts
Calendar Grey May 25, 2019
Dist Debian Esm H88
Debian 8 has been updated with critical security patches addressing various vulnerabilities in Wireshark, which could allow attackers to execute denial of service (DoS) attacks.
Several vulnerabilities have been found in wireshark, a network traffic analyzer

Summary

Assertion failure in dissect_gssapi_work (packet-gssapi.c) leading to
crash of the GSS-API dissector. Remote attackers might leverage this
vulnerability to trigger DoS via a packet containing crafted GSS-API
payload.

CVE-2019-10895

Insufficient data validation leading to large number of heap buffer
overflows read and write in the NetScaler trace handling module
(netscaler.c). Remote attackers might leverage these vulnerabilities to
trigger DoS, or any other unspecified impact via crafted packets.

CVE-2019-10899

Heap-based buffer under-read vulnerability in the Service Location
Protocol dissector. Remote attackers might leverage these
vulnerabilities to trigger DoS, or any other unspecified impact via
crafted SRVLOC packets.

CVE-2019-10901

NULL pointer dereference in the Local Download Sharing Service
protocol dissector. Remote attackers might leverage these flaws to
trigger DoS via crafted LDSS packets.

CVE-2019-10903

Read the Full Advisory


Package: wireshark
Version: 1.12.1+g01b65bf-4+deb8u19
CVE ID: CVE-2019-10894 CVE-2019-10895 CVE-2019-10899 CVE-2019-10901
Debian Bug: 926718

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.