Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 690192 (CVE-2019-13619, wnpa-sec-2019-20)

Summary: <net-analyzer/wireshark-3.0.3 : ASN.1 BER and related dissectors could crash
Product: Gentoo Security Reporter: D'juan McDonald (domhnall) <flopwiki>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor CC: netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.wireshark.org/security/wnpa-sec-2019-20.html
See Also: https://bugs.gentoo.org/show_bug.cgi?id=694134
https://bugs.gentoo.org/show_bug.cgi?id=702028
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---

Description D'juan McDonald (domhnall) 2019-07-19 01:29:21 UTC 
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13619):

In Wireshark 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors could crash. This was addressed in epan/asn1.c by properly restricting buffer increments.


Gentoo Security Padawan
(domhnall)
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-26 19:33:16 UTC 
Tree is clean!
Comment 2 Yury German Gentoo Infrastructure gentoo-dev 2020-04-16 07:41:14 UTC 
GLSA Vote: No
Thank you all for you work. 
Closing as [noglsa].