Wireshark versions 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0 are affected by a boundary check issue in the DCERPC SPOOLSS dissector.
Understanding CVE-2019-10903
This CVE entry addresses a vulnerability in Wireshark versions 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0 related to the DCERPC SPOOLSS dissector.
What is CVE-2019-10903?
In the affected Wireshark versions, the DCERPC SPOOLSS dissector could crash. The issue was addressed in epan/dissectors/packet-dcerpc-spoolss.c by adding a boundary check.
The Impact of CVE-2019-10903
The vulnerability could lead to a crash of the DCERPC SPOOLSS dissector in the specified versions of Wireshark.
Technical Details of CVE-2019-10903
This section provides more in-depth technical details about the CVE.
Vulnerability Description
The issue was caused by a lack of proper boundary checks in the DCERPC SPOOLSS dissector, which could result in a crash.
Affected Systems and Versions
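One way to triage an inventory of Wireshark installs against the affected version ranges this page lists, as an added example (not code from the advisory or the Wireshark project). The function names are hypothetical, and the hostnames and banner strings are constructed samples.

```python
import re

# Affected ranges as listed on this page: (first, last) affected release, inclusive.
AFFECTED_RANGES = [
    ((2, 4, 0), (2, 4, 13)),
    ((2, 6, 0), (2, 6, 7)),
    ((3, 0, 0), (3, 0, 0)),
]

# First dotted three-part number in a banner; a trailing suffix such as "rc1" is ignored.
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None if absent."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(version):
    """True when the tuple falls inside any range this page lists as affected."""
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each host to 'affected', 'not-affected' or 'unknown' (unparseable)."""
    result = {}
    for host, banner in inventory.items():
        version = parse_version(banner)
        if version is None:
            result[host] = "unknown"  # never treat an unreadable banner as safe
        else:
            result[host] = "affected" if is_affected(version) else "not-affected"
    return result


# Constructed sample inventory: hostnames and banner strings are made up.
SAMPLE_INVENTORY = {
    "analyst-01": "TShark (Wireshark) 2.6.7 (v2.6.7-0-gabcdef12)",
    "analyst-02": "TShark (Wireshark) 2.6.8",
    "sensor-03": "Wireshark 3.0.0",
    "sensor-04": "Wireshark 2.4.13",
    "jump-05": "wireshark: command not found",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual check rather than being counted as clean.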
Exploitation Mechanism
Exploiting this vulnerability could lead to a denial of service (DoS) condition by crashing the DCERPC SPOOLSS dissector.
Mitigation and Prevention
Protecting systems from CVE-2019-10903 requires specific actions to mitigate the risk.
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates