-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2019.0150
                     Wireshark dissection engine crash
                                23 May 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Wireshark
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Denial of Service -- Remote with User Interaction
Resolution:           Patch/Upgrade
Member content until: Saturday, June 22 2019

OVERVIEW

        A denial of service attack has been identified in Wireshark prior to:
        
        	* Wireshark 2.4.15
        	* Wireshark 2.6.9
        	* Wireshark 3.0.2
        
        [1] 


IMPACT

        Wireshark could be crashed by injecting a malformed packet via either the wire
        or through a malformed packet trace.


MITIGATION

        The maintainer advises updating to the latest version of Wireshark. [1]


REFERENCES

        [1] wnpa-sec-2019-19 · Wireshark dissection engine crash
            https://www.wireshark.org/security/wnpa-sec-2019-19.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXOY93maOgq3Tt24GAQiVFA//fSkwN+F5ZPi4NBTgprTX9ebWo8BuzCht
O29tTWz79KnrEpetFQXrieeM8DzbnIbyn1NV9Xl0lZR9R9MT+6HX1FadvZ3BwXIX
nH7i+JlHsM5F/HPHofEeOmQCnsE4QWK2hwDo82TsKiGFhFKHnQh4FIiJ1RNkGB/D
KBTSKJNJk1wIZylROyhFBjTh5zF0AWMGSx1O2IXOjk1axBeM0yQuwbRcsCn75sm+
+nQxz3WWW5FxaHtP6I9dbD/RGtmpO3NhSO+CvFOYX7P9wDw1nTiiob4oED+QszBP
WaQq7/KAs/1zuDw0qOPAYmDpufWs2KY0JVD7tgaWMoP7Raphs9ecUr4jNI/3noH9
BKR581FLjaQJMiK1jl5qMSncs7VKV1r4cHQzcvmbML8WQvi8onkmtiHfAo26zOAT
VJjLHuMFSV/iCbchxsh0mrhpadu7xWOT3TEkb6pXTunje7RDbGR9DyI46vT0iO44
MjucjC6DlMeuiK/Erd04V53+L8XU+UwYcYqfKzx0aO2ABZu/BufSyfs5ZbvzvV8u
ZSxFg+qDigj2cJVh2pcSxF3psq6NMAqNzAJO6QDu3svfebj7e4fjGXA3fikot6a8
58GKdjgKOipt/zBSQSZC1WUkmey+uADalS7yCC3nnDIqve2SHZ9LWvdINBNDpU55
sxbsoxcJVE4=
=T8zb
-----END PGP SIGNATURE-----