CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/wireshark/wireshark/-/issues/19496	Exploit Issue Tracking Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2024-01.html	Issue Tracking Vendor Advisory
https://gitlab.com/wireshark/wireshark/-/issues/19496	Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/
https://www.wireshark.org/security/wnpa-sec-2024-01.html	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wireshark:wireshark::::::::
	cpe:2.3:a:wireshark:wireshark::::::::
	cpe:2.3:a:wireshark:wireshark:4.2.0:::::::*

History

21 Nov 2024, 08:46

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/ - () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/ -
References	~~() https://gitlab.com/wireshark/wireshark/-/issues/19496 - Exploit, Issue Tracking, Vendor Advisory~~	() https://gitlab.com/wireshark/wireshark/-/issues/19496 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://www.wireshark.org/security/wnpa-sec-2024-01.html - Issue Tracking, Vendor Advisory~~	() https://www.wireshark.org/security/wnpa-sec-2024-01.html - Issue Tracking, Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~7.5~~	v2 : unknown v3 : 7.8

08 Oct 2024, 18:58

Type	Values Removed	Values Added
CWE	~~CWE-674~~	NVD-CWE-Other

03 Oct 2024, 07:15

Type	Values Removed	Values Added
CWE		CWE-230

29 Aug 2024, 15:15

Type	Values Removed	Values Added
References	~~{'url': 'https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html', 'source': 'cve@gitlab.com'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/', 'source': 'cve@gitlab.com'}~~ ~~{'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/', 'source': 'cve@gitlab.com'}~~

01 Mar 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html -

11 Feb 2024, 06:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/ -

10 Feb 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/ -

03 Jan 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-03 08:15

Updated : 2024-11-21 08:46

NVD link : CVE-2024-0208

Mitre link : CVE-2024-0208

CVE.ORG link : CVE-2024-0208

JSON object : View

Products Affected

wireshark

wireshark

CWE

CWE-230

Improper Handling of Missing Values

NVD-CWE-Other

7.8 /10