CVE-2024-24476

EPSS 2.28%
Veröffentlicht 21.02.2024 19:15:09
Zuletzt bearbeitet 04.11.2025 19:16:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Fedoraproject ≫ Fedora Version40

Wireshark ≫ Wireshark Version < 4.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.28%	0.842

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b

Third Party Advisory

https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78

Patch

https://gitlab.com/wireshark/wireshark/-/issues/19344

Vendor Advisory

Issue Tracking

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/

https://nvd.nist.gov/vuln/detail/CVE-2024-24476

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-24476

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-24476

EUVD