CVE-2024-9781

EPSS 0.06%
Veröffentlicht 10.10.2024 07:15:04
Zuletzt bearbeitet 25.11.2024 18:09:33
Quelle cve@gitlab.com
Teams Watchlist Login
Unerledigt Login

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Wireshark ≫ Wireshark Version >= 4.2.0 < 4.2.8

Wireshark ≫ Wireshark Version4.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.19

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-230 Improper Handling of Missing Values

The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.

https://gitlab.com/wireshark/wireshark/-/issues/20114

Patch

https://www.wireshark.org/security/wnpa-sec-2024-13.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-9781

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-9781

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-9781

EUVD