CVE-2024-2955

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.0.0 through 4.0.13 Wireshark versions 4.0.3 through 4.2.0

Description The issue is related to the T.38 dissector in Wireshark and is caused by improper memory management. Exploitation of this issue may allow an attacker to cause a denial of service by sending a specially crafted file or packet. This can be achieved via packet injection or a crafted capture file.

Recommendations For Wireshark versions 4.0.0 through 4.0.13, consider disabling the T.38 dissector until a patch is available to prevent potential denial of service attacks. For Wireshark versions 4.0.3 through 4.2.0, consider disabling the T.38 dissector until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-763CWE-762

Related Identifiers

ALT-PU-2024-13962

ALT-PU-2024-4841

ALT-PU-2025-3923

AZL-42523

AZL-42549

BDU:2024-02482

CVE-2024-2955

DLA-3906-1

MGASA-2024-0149

OPENSUSE-SU-2024:13809-1

OPENSUSE-SU-2024_3165-1

SUSE-SU-2024:3165-1

Affected Products

Alt Linux

Astra Linux

Red Os

Suse

Wireshark

CVE-2024-2955

Weakness Enumeration

Related Identifiers

Affected Products

References · 57