PT-2024-5847 · Wireshark+4 · Wireshark+4

Published

2024-01-02

Updated

2025-03-11

CVE-2024-8250

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Wireshark versions 4.0.0 through 4.0.16 Wireshark versions 4.2.0 through 4.2.6

Description The issue is related to a crash in the NTLMSSP dissector of Wireshark, which can be exploited to cause a denial of service via packet injection or a crafted capture file. This can potentially impact the confidentiality, integrity, and availability of protected information by allowing a remote attacker to inject a specially formed packet or capture file.

Recommendations For Wireshark versions 4.0.0 through 4.0.16, update to a version that contains a fix for this issue. For Wireshark versions 4.2.0 through 4.2.6, update to a version that contains a fix for this issue. As a temporary workaround, consider disabling the NTLMSSP dissector function until a patch is available.

Exploit

Fix

DoS

Memory Corruption

Access of Uninitialized Pointer

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-824CWE-825

Related Identifiers

ALT-PU-2024-12863

ALT-PU-2024-13962

ALT-PU-2025-3923

AZL-48338

AZL-48339

BDU:2024-06592

BDU:2024-07760

CVE-2024-8250

DLA-3906-1

MGASA-2024-0303

OESA-2024-2090

OPENSUSE-SU-2024:14302-1

OPENSUSE-SU-2024_3250-1

OPENSUSE-SU-2024_3333-1

SUSE-SU-2024:3250-1

SUSE-SU-2024:3323-1

SUSE-SU-2024:3333-1

SUSE-SU-2024_3250-1

SUSE-SU-2024_3333-1

Affected Products

Alt Linux

Astra Linux

Red Os

Suse

Wireshark

PT-2024-5847 · Wireshark+4 · Wireshark+4

CVE-2024-8250

Weakness Enumeration

Related Identifiers

Affected Products

References · 47