[3.10] wireshark: dissection engine crash (CVE-2019-12295)
It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or
by convincing someone to read a malformed packet trace file.
Affected versions: 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, 2.4.0 to 2.4.14
Fixed versions: 3.0.2, 2.6.9, 2.4.15
References:
https://www.wireshark.org/security/wnpa-sec-2019-19.html
https://bugs.wireshark.org/bugzilla/show\_bug.cgi?id=15778
(from redmine: issue id 10501, created on 2019-05-28, closed on 2019-06-05)
- Relations:
- parent #10500 (closed)
- Changesets:
- Revision e5bce08f by Natanael Copa on 2019-06-04T13:38:25Z:
community/wireshark: security upgrade to 3.0.2 (CVE-2019-12295)
fixes #10501
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information