← Back

CVE-2024-24476

nvd nist
Published: Feb 21, 2024Modified: Nov 4, 2025

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

Affected (2)

Fedoraproject
1 product
Fedora
Wireshark
1 product
Wireshark
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Fedora
Version 40
Configuration B
1 vulnerable
Vulnerable SoftwareAffected Versions
Wireshark
Before 4.2.0

Related CWEs

CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (9)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Patch
Source: cve@mitre.org
Issue TrackingVendor Advisory
Source: cve@mitre.org
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.