CVE-2024-8645

Name of the Vulnerable Software and Affected Versions: Wireshark versions 4.2.0 through 4.0.5 Wireshark versions 4.0.0 through 4.0.15

Description: The issue is related to a crash in the SPRT dissector of Wireshark, which can be exploited to cause a denial of service. This can be achieved via packet injection or by using a crafted capture file. The vulnerability is associated with access to an uninitialized pointer, and its exploitation may allow an attacker to disrupt service by sending specially formed RTP packets.

Recommendations: For Wireshark versions 4.2.0 through 4.0.5, update to a version that fixes the SPRT dissector crash issue. For Wireshark versions 4.0.0 through 4.0.15, update to a version that fixes the SPRT dissector crash issue. As a temporary workaround, consider disabling the SPRT dissector until a patch is available.