PT-2024-1846 · Wireshark+2

Randstr · Published 2024-02-21 · Updated 2024-10-12 · CVE-2024-24476

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

Wireshark versions prior to 4.2.0

Description

The issue is related to a buffer overflow in the pan/addr_resolv.c component of Wireshark, which can be exploited by a remote attacker to cause a denial of service. The ws_manuf_lookup_str() function and size components are involved in this issue. It is noted that the vendor disputes the claim, stating that neither release 4.2.0 nor any other release was affected.

Recommendations

For Wireshark versions prior to 4.2.0, update to version 4.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the pan/addr_resolv.c component and the ws_manuf_lookup_str() function until a patch is available.

Fix

DoS

Buffer Overflow

Improper Resource Release

Weakness Enumeration

Related Identifiers

AZL-44032
AZL-44619
BDU:2024-01599
CVE-2024-24476
OESA-2024-2242
OPENSUSE-SU-2024:14223-1
OPENSUSE-SU-2024_1347-1
SUSE-SU-2024:1347-1
SUSE-SU-2024:1354-1
SUSE-SU-2024_1347-1
SUSE-SU-2024_1354-1

Affected Products

Red Os
Suse
Wireshark