CVE-2024-24479

Name of the Vulnerable Software and Affected Versions Wireshark versions prior to 4.2.0

Description The issue is related to a buffer overflow in the format fractional part nsecs function of Wireshark, which can be exploited by a remote attacker to cause a denial of service. This is due to the lack of size checking for input data during the buffer copying process. The exploitation of this issue may allow a remote attacker to disrupt the service.

Recommendations For Wireshark versions prior to 4.2.0, as a temporary workaround, consider disabling the format fractional part nsecs function until a patch is available. However, since the vendor disputes the vulnerability, stating that neither release 4.2.0 nor any other release was affected, it is essential to monitor official Wireshark updates for any further information regarding this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.