====================================================================

                           CERT-Renater

               Information Note No. 2018/VULN012
_____________________________________________________________________

DATE                 : 17/01/2019

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Wireshark versions prior to
                       2.6.6, 2.4.12.

=====================================================================
https://www.wireshark.org/security/wnpa-sec-2019-01.html
https://www.wireshark.org/security/wnpa-sec-2019-02.html
https://www.wireshark.org/security/wnpa-sec-2019-03.html
https://www.wireshark.org/security/wnpa-sec-2019-04.html
https://www.wireshark.org/security/wnpa-sec-2019-05.html
_____________________________________________________________________

wnpa-sec-2019-01 · 6LoWPAN dissector crash

Summary

Name: 6LoWPAN dissector crash
Docid: wnpa-sec-2019-01
Date: January 8, 2019
Affected versions: 2.6.0 to 2.6.5
Fixed versions: 2.6.6
References:
Wireshark bug 15217
CVE-2019-5716

Details

Description

The 6LoWPAN dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.6.6 or later.

_____________________________________________________________________

wnpa-sec-2019-02 · P_MUL dissector crash

Summary

Name: P_MUL dissector crash
Docid: wnpa-sec-2019-02
Date: January 8, 2019
Affected versions: 2.6.0 to 2.6.5, 2.4.0 to 2.4.11
Fixed versions: 2.6.6, 2.4.12
References:
Wireshark bug 15337
CVE-2019-5717

Details

Description

The P_MUL dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.6.6, 2.4.12 or later.

_____________________________________________________________________

wnpa-sec-2019-03 · RTSE dissector crash

Summary

Name: RTSE dissector crash
Docid: wnpa-sec-2019-03
Date: January 8, 2019
Affected versions: 2.6.0 to 2.6.5, 2.4.0 to 2.4.11
Fixed versions: 2.6.6, 2.4.12
References:
Wireshark bug 15373
CVE-2019-5718

Details

Description

The RTSE dissector and other ASN.1 dissectors could crash.
Discovered by Mateusz Jurczyk.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.6.6, 2.4.12 or later.

_____________________________________________________________________

wnpa-sec-2019-04 · ISAKMP dissector crash

Summary

Name: ISAKMP dissector crash
Docid: wnpa-sec-2019-04
Date: January 8, 2019
Affected versions: 2.6.0 to 2.6.5, 2.4.0 to 2.4.11
Fixed versions: 2.6.6, 2.4.12
References:
Wireshark bug 15374
CVE-2019-5719

Details

Description

The ISAKMP dissector could crash.
Discovered by Mateusz Jurczyk.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.6.6, 2.4.12 or later.

_____________________________________________________________________

wnpa-sec-2019-05 · ENIP dissector crash

Summary

Name: ENIP dissector crash
Docid: wnpa-sec-2019-05
Date: January 8, 2019
Affected versions: 2.4.0 to 2.4.11
Fixed versions: 2.4.12
References:
Wireshark bug 14470

Details

Description

The ENIP protocol dissector could crash.
Discovered by Otto Airamo and Antti Levomäki, Forcepoint.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 2.4.12 or later.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================