CVE: CVE-2019-16319 - CVE-Search

CVE Details for CVE: CVE-2019-16319

Summary

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Timestamps
Last major update	07-11-2023 - 03:05
Published	15-09-2019 - 16:15
Last modified	07-11-2023 - 03:05

References

Vulnerable Configurations

cpe:2.3:a:wireshark:wireshark:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.4:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.5:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.6:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.7:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.8:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.9:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:2.6.10:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:wireshark:wireshark:3.0.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

CAPEC

Click the CAPEC title to display a description

CWE

CWE-835

CVSS

Base

7.8

Impact

6.9

Exploitability

10.0

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

CVSS3

Base

7.5

Impact

3.6

Exploitability

3.9

Access

Attack Complexity	Attack vector	Privileges Required	Scope	User Interaction
LOW	NETWORK	NONE	UNCHANGED	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	HIGH

VIA4 references

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

cvss3-vector via4

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

refmap via4

misc	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16020 https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=02ddd49885c6a09e936a76aceb726ed06539704a https://www.wireshark.org/security/wnpa-sec-2019-21.html
suse	openSUSE-SU-2020:0362