CVE-2019-9209 — MEDIUM (5.5)

Q: How severe is CVE-2019-9209?

CVE-2019-9209 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-9209?

Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap.

Vulnerability Description

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Wireshark	Wireshark	>= 2.4.0, <= 2.4.12
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	16.04
Opensuse	Leap	15.0

Related Weaknesses (CWE)

CWE-193 CWE-787

References

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/107203Broken Link
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15447ExploitIssue TrackingPatch
https://code.wireshark.org/review/gitweb?p=wireshark.git%3Ba=commit%3Bh=f8fbe9f9
https://lists.debian.org/debian-lts-announce/2019/03/msg00031.htmlMailing ListThird Party Advisory
https://seclists.org/bugtraq/2019/Mar/35Mailing ListThird Party Advisory
https://usn.ubuntu.com/3986-1/Third Party Advisory
https://www.debian.org/security/2019/dsa-4416Third Party Advisory
https://www.wireshark.org/security/wnpa-sec-2019-06.htmlVendor Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/107203Broken Link

FAQ

What is CVE-2019-9209?

CVE-2019-9209 is a vulnerability with a CVSS score of 5.5 (MEDIUM). In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with ex...

How severe is CVE-2019-9209?

CVE-2019-9209 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-9209?

Check the references section above for vendor advisories and patch information. Affected products include: Wireshark Wireshark, Debian Debian Linux, Canonical Ubuntu Linux, Opensuse Leap.