CVE-2019-13619:A vulnerability in Wireshark's ASN.1 BER dissector could lead to crashes in specific versions.

splash
Back

Description Preview

In Wireshark versions 3.0.0 to 3.0.2, 2.6.0 to 2.6.9, and 2.4.0 to 2.4.15, the ASN.1 BER dissector and related dissectors are susceptible to crashes. This issue arises from improper handling of buffer increments, which can lead to unexpected behavior when processing certain inputs. The vulnerability has been addressed in the source code by implementing proper restrictions on buffer increments.

Overview

CVE-2019-13619 is a vulnerability affecting multiple versions of Wireshark, a widely used network protocol analyzer. The ASN.1 BER dissector, which is responsible for decoding ASN.1 BER (Basic Encoding Rules) encoded data, is particularly affected. The vulnerability can be exploited by sending specially crafted packets to the Wireshark application, potentially causing it to crash. This could disrupt network analysis activities and may lead to denial of service for users relying on Wireshark for network diagnostics.

Remediation

To mitigate the risk associated with CVE-2019-13619, users are advised to update their Wireshark installations to the latest versions that have addressed this vulnerability. The affected versions include:

  • Wireshark 3.0.0 to 3.0.2
  • Wireshark 2.6.0 to 2.6.9
  • Wireshark 2.4.0 to 2.4.15

Users should refer to the official Wireshark website or their respective package managers for the latest updates. Additionally, monitoring network traffic for unusual patterns can help identify potential exploitation attempts.

References

  1. Wireshark Bugzilla Report
  2. Wireshark Security Advisory
  3. Wireshark Git Commit
  4. SecurityFocus BID 109293
  5. openSUSE Security Announcement
  6. Fedora Security Announcement 70e93298e3
  7. Fedora Security Announcement 23f7634765
  8. Ubuntu Security Notice USN-4133-1
  9. openSUSE Security Announcement 2020:0362
  10. Debian LTS Security Announcement DLA 2547-1

Industry ExposureMost to least
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.

  1. Manufacturing: Medium
    Manufacturing
  2. Health Care & Social Assistance: Medium
    Health Care & Social Assistance
  3. Public Administration: Medium
    Public Administration
  4. Transportation & Warehousing: Medium
    Transportation & Warehousing
  5. Educational Services: Medium
    Educational Services
  6. Finance and Insurance: Medium
    Finance and Insurance
  7. Professional, Scientific, & Technical Services: Low
    Professional, Scientific, & Technical Services
  8. Retail Trade: Low
    Retail Trade
  9. Other Services (except Public Administration): Low
    Other Services (except Public Administration)
  10. Utilities: Low
    Utilities
  11. Management of Companies & Enterprises: Low
    Management of Companies & Enterprises
  12. Information: Low
    Information
  13. Arts, Entertainment & Recreation: Low
    Arts, Entertainment & Recreation
  14. Accommodation & Food Services: Low
    Accommodation & Food Services
  15. Construction: Low
    Construction
  16. Mining: Low
    Mining
  17. Wholesale Trade: Low
    Wholesale Trade
  18. Administrative, Support, Waste Management & Remediation Services: Low
    Administrative, Support, Waste Management & Remediation Services
  19. Agriculture, Forestry Fishing & Hunting: Low
    Agriculture, Forestry Fishing & Hunting
  20. Real Estate Rental & Leasing: Low
    Real Estate Rental & Leasing

Focus on What Matters

  1. See Everything.
  2. Identify True Risk.
  3. Proactively Mitigate Threats.

Let's talk!

background
Armis Vulnerability Intelligence Database