CVE-2024-0208

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://gitlab.com/wireshark/wireshark/-/issues/19496	Exploit Issue Tracking Vendor Advisory
https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/
https://www.wireshark.org/security/wnpa-sec-2024-01.html	Issue Tracking Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:wireshark:wireshark::::::::
	cpe:2.3:a:wireshark:wireshark::::::::
	cpe:2.3:a:wireshark:wireshark:4.2.0:::::::*

History

01 Mar 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html -

11 Feb 2024, 06:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/ -

10 Feb 2024, 02:15

Type	Values Removed	Values Added
References		() https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/ -

09 Jan 2024, 19:19

Type	Values Removed	Values Added
First Time		Wireshark Wireshark wireshark
References	~~() https://gitlab.com/wireshark/wireshark/-/issues/19496 -~~	() https://gitlab.com/wireshark/wireshark/-/issues/19496 - Exploit, Issue Tracking, Vendor Advisory
References	~~() https://www.wireshark.org/security/wnpa-sec-2024-01.html -~~	() https://www.wireshark.org/security/wnpa-sec-2024-01.html - Issue Tracking, Vendor Advisory
CPE		cpe:2.3:a:wireshark:wireshark:4.2.0:::::::* cpe:2.3:a:wireshark:wireshark::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~7.8~~	v2 : unknown v3 : 7.5

03 Jan 2024, 13:48

Type	Values Removed	Values Added
Summary		(es) El fallo del disector GVCP en Wireshark 4.2.0, 4.0.0 a 4.0.11 y 3.6.0 a 3.6.19 permite la denegación de servicio mediante inyección de paquetes o archivo de captura manipulado

03 Jan 2024, 08:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-03 08:15

Updated : 2024-03-01 02:15

NVD link : CVE-2024-0208

Mitre link : CVE-2024-0208

CVE.ORG link : CVE-2024-0208

JSON object : View

Products Affected

wireshark

wireshark

CWE

CWE-674

Uncontrolled Recursion

7.5 /10