Wireshark · Wireshark · CVE-2024-24478
**Name of the Vulnerable Software and Affected Versions**
Wireshark versions prior to 4.2.0
**Description**
The issue is related to a buffer overflow in the `dissect bgp open()` function of Wireshark when handling extended BGP parameter formats. This can be exploited by a remote attacker to cause a denial of service. The `dissect bgp open()` function, located in `packet-bgp.c`, is vulnerable due to the `optlen` components.
**Recommendations**
For Wireshark versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the `dissect bgp open()` function until a patch is available.