PT-2024-1011 · Wireshark+4

Published: 2024-01-03 · Updated: 2025-03-11 · CVE-2024-0208

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Wireshark versions 3.6.0 through 3.6.19
Wireshark versions 4.0.0 through 4.0.11
Wireshark version 4.2.0

Description

The GVCP dissector in Wireshark performs insufficient input validation. A remote attacker can exploit this to cause a denial of service via packet injection or a crafted capture file.

Recommendations

For Wireshark versions 3.6.0 through 3.6.19, update to a version that includes the fix for this issue.
For Wireshark versions 4.0.0 through 4.0.11, update to a version that includes the fix for this issue.
For Wireshark version 4.2.0, update to a version that includes the fix for this issue.
As a temporary workaround, consider disabling the GVCP dissector until a patch is available.

Exploit

Fix

DoS

RCE

Weakness Enumeration

Related Identifiers

ALT-PU-2024-1387
ALT-PU-2024-13962
ALT-PU-2025-3923
AZL-32318
AZL-37058
BDU:2024-00164
CVE-2024-0208
DLA-3746-1
DLA-3906-1
MGASA-2024-0045
OESA-2024-1070
OPENSUSE-SU-2024:13556-1
OPENSUSE-SU-2024_0058-1
SUSE-SU-2024:0058-1
SUSE-SU-2024_0058-1

Affected Products

Alt Linux
Astra Linux
Red Os
Suse
Wireshark