KLA11401 Multiple vulnerabilities in Wireshark

Multiple serious vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service.

Below is a complete list of vulnerabilities:

1. An unspecified vulnerability in 6LoWPAN dissector can be exploited remotely via malformed packet to cause denial of service;
2. An unspecified vulnerability in P_MUL dissector can be exploited remotely via malformed packet to cause denial of service;
3. An unspecified vulnerability in RTSE dissector can be exploited remotely via malformed packet to cause denial of service;
4. An unspecified vulnerability in ISAKMP dissector can be exploited remotely via malformed packet to cause denial of service;
5. An unspecified vulnerability in ENIP protocol dissector can be exploited remotely via malformed packet to cause denial of service;

Original advisories

wnpa-sec-2019-01

wnpa-sec-2019-02

wnpa-sec-2019-03

wnpa-sec-2019-04

wnpa-sec-2019-05

Related products

Wireshark

CVE list

CVE-2019-5716 warning

CVE-2019-5717 warning

CVE-2019-5718 warning

CVE-2019-5719 warning

CVE-2019-5721 warning

Solution

Update to the latest version

Get Wireshark

Impacts

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

• Wireshark 2.6.x earlier than 2.6.6Wireshark 2.4.x earlier than 2.4.12