7.5

CVE-2024-24476

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version40
WiresharkWireshark Version < 4.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.3% 0.666
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b
Third Party Advisory
https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
Patch
https://gitlab.com/wireshark/wireshark/-/issues/19344
Vendor Advisory
Issue Tracking
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/