CVE-2019-19553 — HIGH (7.5)

Q: How severe is CVE-2019-19553?

CVE-2019-19553 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-19553?

Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Opensuse Leap, Oracle Solaris, Oracle Zfs Storage Appliance, Debian Debian Linux.

Vulnerability Description

In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wireshark	Wireshark	>= 2.6.0, <= 2.6.12
Opensuse	Leap	15.1
Oracle	Solaris	11
Oracle	Zfs Storage Appliance	8.8
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-909

References

http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.htmlMailing ListThird Party Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961Issue TrackingVendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=34d2e0d5
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.htmlMailing ListThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
https://www.wireshark.org/security/wnpa-sec-2019-22.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.htmlMailing ListThird Party Advisory
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15961Issue TrackingVendor Advisory
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=34d2e0d5
https://lists.debian.org/debian-lts-announce/2021/02/msg00008.htmlMailing ListThird Party Advisory
https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
https://www.wireshark.org/security/wnpa-sec-2019-22.htmlVendor Advisory

FAQ

What is CVE-2019-19553?

CVE-2019-19553 is a vulnerability with a CVSS score of 7.5 (HIGH). In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NUL...

How severe is CVE-2019-19553?

CVE-2019-19553 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-19553?

Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Opensuse Leap, Oracle Solaris, Oracle Zfs Storage Appliance, Debian Debian Linux.