wireshark: dissection engine crash (CVE-2019-12295)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or
by convincing someone to read a malformed packet trace file.
Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15
References:
https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15778
(from redmine: issue id 10500, created on 2019-05-28, closed on 2019-06-05)
- Relations:
- child #10501 (closed)
- child #10502 (closed)