NULL pointer dereference in Debian Linux

#VU33486 NULL pointer dereference in Debian Linux

Published: 2019-02-28 | Updated: 2020-08-04

Vulnerability identifier: #VU33486

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9214

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Debian Linux
Operating systems & Components / Operating system

Vendor: Debian

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the RPCAP dissector could crash. This was addressed in epan/dissectors/packet-rpcap.c by avoiding an attempted dereference of a NULL conversation.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Debian Linux: 9.0

External links
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html
http://www.securityfocus.com/bid/107203
http://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15536
http://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c557bb0910be271e49563756411a690a1bc53ce5
http://seclists.org/bugtraq/2019/Mar/35
http://usn.ubuntu.com/3986-1/
http://www.debian.org/security/2019/dsa-4416
http://www.wireshark.org/security/wnpa-sec-2019-08.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for wireshark

NULL pointer dereference in wireshark (Alpine package)

NULL pointer dereference in Debian Linux