Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for wireshark (DLA-2547-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'wireshark' package(s) announced via the DLA-2547-1 advisory.
Insight
Insight
Several vulnerabilities were fixed in Wireshark, a network sniffer. CVE-2019-13619 ASN.1 BER and related dissectors crash. CVE-2019-16319 The Gryphon dissector could go into an infinite loop. CVE-2019-19553 The CMS dissector could crash. CVE-2020-7045 The BT ATT dissector could crash. CVE-2020-9428 The EAP dissector could crash. CVE-2020-9430 The WiMax DLMAP dissector could crash. CVE-2020-9431 The LTE RRC dissector could leak memory. CVE-2020-11647 The BACapp dissector could crash. CVE-2020-13164 The NFS dissector could crash. CVE-2020-15466 The GVCP dissector could go into an infinite loop. CVE-2020-25862 The TCP dissector could crash. CVE-2020-25863 The MIME Multipart dissector could crash. CVE-2020-26418 Memory leak in the Kafka protocol dissector. CVE-2020-26421 Crash in USB HID protocol dissector. CVE-2020-26575 The Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. CVE-2020-28030 The GQUIC dissector could crash.
Affected Software
Affected Software
'wireshark' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 9 stretch, these problems have been fixed in version 2.6.20-0+deb9u1. We recommend that you upgrade your wireshark packages.