CVE-2024-9781

Published: Oct 10, 2024Modified: Nov 25, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

Affected (2)

Products: Wireshark: Wireshark

Wireshark

1 product

Wireshark

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Wireshark Wireshark	From 4.2.0 to 4.2.8
Wireshark Wireshark	Version 4.4.0

Related CWEs

CWE-230

Improper Handling of Missing Values

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

References (2)

https://gitlab.com/wireshark/wireshark/-/issues/20114

Source: cve@gitlab.com

Patch

https://www.wireshark.org/security/wnpa-sec-2024-13.html

Source: cve@gitlab.com

Vendor Advisory

Timeline

No history available yet.