CVE-2019-10897

Impact:
Moderate
Public Date:
2019-03-04
CWE:
CWE-835
Bugzilla:
1697961: CVE-2019-10897 wireshark: IEEE 802.11 dissector infinite loop (wnpa-sec-2019-11 )

The MITRE CVE dictionary describes this issue as:

In Wireshark 3.0.0, the IEEE 802.11 dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-ieee80211.c by detecting cases in which the bit offset does not advance.

Find out more about CVE-2019-10897 from the MITRE CVE dictionary dictionary and NIST NVD.

Statement

This issue did not affect the versions of wireshark as shipped with Red Hat Enterprise Linux 8 as they did not include the vulnerable functions.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 4.5
CVSS3 Base Metrics CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
Attack Vector Adjacent Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 8 wireshark Not affected

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation