CVE-2019-12295

Home/CVE/In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed

CVE

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed

In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.

HIGH · CVSS 7.5 EPSS 0.014

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-674Uncontrolled Recursion

▤

Affected Products & Versions

wireshark>= 2.4.0 and <= 2.4.14
wireshark>= 2.6.0 and <= 2.6.8
wireshark>= 3.0.0 and <= 3.0.1
debian linuxall versions
canonical ubuntu linuxall versions
f5 big-ip access policy manager>= 12.1.3.6 and < 12.1.5.3
f5 big-ip access policy manager>= 13.1.1.2 and < 13.1.3.5
f5 big-ip access policy manager>= 14.0.0.3 and <= 14.0.1
Show all 58 affected productsf5 big-ip access policy manager>= 14.1.0 and < 14.1.2.8
f5 big-ip access policy manager>= 15.0.0 and <= 15.0.1
f5 big-ip access policy managerall versions
f5 big-ip advanced firewall manager>= 12.1.3.6 and < 12.1.5.3
f5 big-ip advanced firewall manager>= 13.1.1.2 and < 13.1.3.5
f5 big-ip advanced firewall manager>= 14.0.0.3 and <= 14.0.1
f5 big-ip advanced firewall manager>= 14.1.0 and < 14.1.2.8
f5 big-ip advanced firewall manager>= 15.0.0 and <= 15.0.1
f5 big-ip advanced firewall managerall versions
f5 big-ip analytics>= 12.1.3.6 and < 12.1.5.3
f5 big-ip analytics>= 13.1.1.2 and < 13.1.3.5
f5 big-ip analytics>= 14.0.0.3 and <= 14.0.1
f5 big-ip analytics>= 14.1.0 and < 14.1.2.8
f5 big-ip analytics>= 15.0.0 and <= 15.0.1
f5 big-ip analyticsall versions
f5 big-ip application acceleration manager>= 12.1.3.6 and < 12.1.5.3
f5 big-ip application acceleration manager>= 13.1.1.2 and < 13.1.3.5
f5 big-ip application acceleration manager>= 14.0.0.3 and <= 14.0.1
f5 big-ip application acceleration manager>= 14.1.0 and < 14.1.2.8
f5 big-ip application acceleration manager>= 15.0.0 and <= 15.0.1
f5 big-ip application acceleration managerall versions
f5 big-ip application security manager>= 12.1.3.6 and < 12.1.5.3
f5 big-ip application security manager>= 13.1.1.2 and < 13.1.3.5
f5 big-ip application security manager>= 14.0.0.3 and <= 14.0.1
f5 big-ip application security manager>= 15.0.0 and <= 15.0.1
f5 big-ip application security managerall versions
f5 big-ip domain name system>= 12.1.3.6 and < 12.1.5.3
f5 big-ip domain name system>= 13.1.1.2 and < 13.1.3.5
f5 big-ip domain name system>= 14.0.0.3 and <= 14.0.1
f5 big-ip domain name system>= 14.1.0 and < 14.1.2.8
f5 big-ip domain name system>= 15.0.0 and <= 15.0.1
f5 big-ip domain name systemall versions
f5 big-ip edge gateway>= 12.1.3.6 and < 12.1.5.3
f5 big-ip edge gateway>= 13.1.1.2 and < 13.1.3.5
f5 big-ip edge gateway>= 14.0.0.3 and <= 14.0.1
f5 big-ip edge gateway>= 14.1.0 and < 14.1.2
f5 big-ip edge gateway>= 15.0.0 and <= 15.0.1
f5 big-ip edge gatewayall versions
f5 big-ip fraud protection service>= 12.1.3.6 and < 12.1.5.3
f5 big-ip fraud protection service>= 13.1.1.2 and < 13.1.3.5
f5 big-ip fraud protection service>= 14.0.0.3 and <= 14.0.1
f5 big-ip fraud protection service>= 14.1.0 and < 14.1.2
f5 big-ip fraud protection service>= 15.0.0 and <= 15.0.1
f5 big-ip fraud protection serviceall versions
f5 big-ip global traffic manager>= 12.1.3.6 and < 12.1.5.3
f5 big-ip global traffic manager>= 13.1.1.2 and < 13.1.3.5
f5 big-ip global traffic manager>= 14.0.0.3 and <= 14.0.1
f5 big-ip global traffic manager>= 14.1.0 and < 14.1.2.8
f5 big-ip global traffic manager>= 15.0.0 and <= 15.0.1
f5 big-ip global traffic managerall versions