CVE-2024-24476

EPSS 0.95%
Published 21.02.2024 19:15:09
Last modified 14.04.2025 12:55:24
Source cve@mitre.org
Teams watchlist Login
Open Login

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

Affected products Warnungen 0 Metrics 2 CWE 1 References 7

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Data is provided by the National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version40

Wireshark ≫ Wireshark Version < 4.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.95%	0.756

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b

Third Party Advisory

https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78

Patch

https://gitlab.com/wireshark/wireshark/-/issues/19344

Vendor Advisory

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/

Mailing List

https://nvd.nist.gov/vuln/detail/CVE-2024-24476

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24476

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24476

EUVD