In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/108464 | Broken Link |
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778 | Issue Tracking Patch Vendor Advisory |
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=7b6e197da4c497e229ed3ebf6952bae5c426a820 | |
https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html | Mailing List Third Party Advisory |
https://support.f5.com/csp/article/K06725231 | Third Party Advisory |
https://support.f5.com/csp/article/K06725231?utm_source=f5support&%3Butm_medium=RSS | |
https://usn.ubuntu.com/4133-1/ | Third Party Advisory |
https://www.wireshark.org/security/wnpa-sec-2019-19.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:03
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 May 2022, 14:27
Type | Values Removed | Values Added |
---|---|---|
References | (BID) http://www.securityfocus.com/bid/108464 - Broken Link | |
References | (CONFIRM) https://support.f5.com/csp/article/K06725231 - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2020/10/msg00036.html - Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/4133-1/ - Third Party Advisory | |
References | (CONFIRM) https://support.f5.com/csp/article/K06725231?utm_source=f5support&utm_medium=RSS - Third Party Advisory | |
CPE | cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:15.1.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_local_traffic_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_global_traffic_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_fraud_protection_service:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_webaccelerator:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_link_controller:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_domain_name_system:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.1.0:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_edge_gateway:15.1.0:*:*:*:*:*:*:* |
|
CWE | CWE-674 | |
First Time |
Debian debian Linux
F5 big-ip Link Controller Canonical ubuntu Linux F5 big-ip Fraud Protection Service F5 big-ip Domain Name System Canonical F5 big-ip Analytics F5 big-ip Application Security Manager F5 big-ip Edge Gateway Debian F5 F5 big-ip Advanced Firewall Manager F5 big-ip Webaccelerator F5 big-ip Local Traffic Manager F5 big-ip Access Policy Manager F5 big-ip Application Acceleration Manager F5 big-ip Global Traffic Manager F5 big-ip Policy Enforcement Manager |
Information
Published : 2019-05-23 12:29
Updated : 2023-12-10 12:59
NVD link : CVE-2019-12295
Mitre link : CVE-2019-12295
CVE.ORG link : CVE-2019-12295
JSON object : View
Products Affected
f5
- big-ip_link_controller
- big-ip_application_acceleration_manager
- big-ip_fraud_protection_service
- big-ip_webaccelerator
- big-ip_edge_gateway
- big-ip_domain_name_system
- big-ip_local_traffic_manager
- big-ip_global_traffic_manager
- big-ip_application_security_manager
- big-ip_analytics
- big-ip_advanced_firewall_manager
- big-ip_access_policy_manager
- big-ip_policy_enforcement_manager
canonical
- ubuntu_linux
wireshark
- wireshark
debian
- debian_linux
CWE
CWE-674
Uncontrolled Recursion