CVE-2024-9781

EPSS 0.06%
Published 10.10.2024 07:15:04
Last modified 25.11.2024 18:09:33
Source cve@gitlab.com
Teams watchlist Login
Open Login

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

Affected products Warnungen 0 Metrics 3 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 4.2.0 < 4.2.8

Wireshark ≫ Wireshark Version4.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-230 Improper Handling of Missing Values

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

https://gitlab.com/wireshark/wireshark/-/issues/20114

Patch

https://www.wireshark.org/security/wnpa-sec-2024-13.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-9781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9781

EUVD