PT-2024-1019 · Wireshark+4

Han Zheng · Published 2024-01-03 · Updated 2025-03-11 · CVE-2024-0209

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Wireshark versions 3.6.0 through 3.6.19
Wireshark versions 4.0.0 through 4.0.11
Wireshark version 4.2.0

Description

Errors in pointer handling in Wireshark's IEEE 1609.2 dissector can crash the application. A remote attacker can exploit this issue to cause a denial of service via packet injection or a crafted capture file.

Recommendations

For Wireshark versions 3.6.0 through 3.6.19, versions 4.0.0 through 4.0.11, and version 4.2.0, update to a newer version to resolve the issue. As a temporary workaround, consider disabling the IEEE 1609.2 dissector until a patch is available.
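The affected ranges and the temporary workaround above, as a host triage script. This is an added example, not part of the original advisory or the Wireshark project; the banner lines are constructed samples, and `ieee1609dot2` is assumed to be the dissector's protocol filter name (confirm it with `tshark -G protocols`).

```shell
#!/bin/sh
# Added example: triage a host for CVE-2024-0209 from its Wireshark version.
# Affected ranges are the ones listed in this advisory.

# Exit 0 when VERSION (MAJOR.MINOR.PATCH) is in an affected range,
# 1 when it is not, 2 when it is not a plain dotted version.
cve_2024_0209_affected() {
    case "$1" in
        *[!0-9.]*|'') return 2 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    case "$major.$minor" in
        3.6) [ "$patch" -le 19 ] ;; # 3.6.0 through 3.6.19
        4.0) [ "$patch" -le 11 ] ;; # 4.0.0 through 4.0.11
        4.2) [ "$patch" -eq 0 ] ;;  # 4.2.0 only
        *)   return 1 ;;
    esac
}

# Pull MAJOR.MINOR.PATCH out of the first line of `tshark --version` output.
banner_version() {
    printf '%s\n' "$1" |
        sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print the extra tshark arguments for the temporary workaround.
# Assumption: "ieee1609dot2" is the IEEE 1609.2 dissector's filter name.
workaround_args() {
    if cve_2024_0209_affected "$1"; then
        echo "--disable-protocol ieee1609dot2"
    fi
}

# Constructed sample banners, not captured from real hosts.
for banner in "TShark (Wireshark) 3.6.19 (Git v3.6.19)" \
              "TShark (Wireshark) 4.0.11 (Git v4.0.11)" \
              "TShark (Wireshark) 4.2.0 (Git v4.2.0)" \
              "TShark (Wireshark) 4.2.5 (Git v4.2.5)"; do
    v=$(banner_version "$banner")
    if cve_2024_0209_affected "$v"; then state=AFFECTED; else state=not-listed; fi
    echo "$v $state $(workaround_args "$v")"
done
```

A `not-listed` result only means the version is outside the ranges this advisory names.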

Exploit

Fix

DoS

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALT-PU-2024-1387
ALT-PU-2024-13962
ALT-PU-2025-3923
AZL-32323
AZL-37059
BDU:2024-00215
CVE-2024-0209
DLA-3906-1
OESA-2024-1070
OPENSUSE-SU-2024:13556-1
OPENSUSE-SU-2024_0058-1
SUSE-SU-2024:0058-1

Affected Products

Alt Linux
Astra Linux
Red Os
Suse
Wireshark