wireshark: dissection engine crash (CVE-2019-12295) (#10500) · Issues · alpine / aports

wireshark: dissection engine crash (CVE-2019-12295)

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or
by convincing someone to read a malformed packet trace file.

Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15

References:

https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15778

(from redmine: issue id 10500, created on 2019-05-28, closed on 2019-06-05)

Relations:
- child #10501 (closed)
- child #10502 (closed)

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information