CVE-2024-0208Improper Handling of Missing Values in Foundation Wireshark

CWE-230Improper Handling of Missing ValuesCWE-674Uncontrolled Recursion7 documents7 sources
Severity
7.5HIGHNVD
CNA7.8
EPSS
0.0%
top 90.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Wireshark Foundation WiresharkWireshark
Timeline
PublishedJan 3
Latest updateJan 9

Description

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

CVEListV5wireshark_foundation/wireshark4.2.04.2.1+2
Debianwireshark/wireshark< 3.4.16-0+deb11u1+3
NVDwireshark/wireshark3.6.03.6.19+2

🔴Vulnerability Details

3
GHSA
GHSA-phw4-gv7f-mc27: GVCP dissector crash in Wireshark 42024-01-03
OSV
CVE-2024-0208: GVCP dissector crash in Wireshark 42024-01-03
CVEList
Improper Handling of Missing Values in Wireshark2024-01-03

📋Vendor Advisories

3
Microsoft
Improper Handling of Missing Values in Wireshark2024-01-09
Red Hat
wireshark: GVCP dissector crash via packet injection or crafted capture file2024-01-03
Debian
CVE-2024-0208: wireshark - GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 al...2024
CVE-2024-0208 — Improper Handling of Missing Values | cvebase