CVE-2024-0209 — NULL Pointer Dereference in Foundation Wireshark

CWE-476 — NULL Pointer Dereference7 documents7 sources

Severity

7.5HIGHNVD

CNA7.8

EPSS

0.0%

top 87.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Foundation Wireshark Wireshark

Timeline

PublishedJan 3

Latest updateJan 9

Description

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5wireshark_foundation/wireshark4.2.0 — 4.2.1+2

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶NVDwireshark/wireshark3.6.0 — 3.6.19+2

🔴Vulnerability Details

OSV

CVE-2024-0209: IEEE 1609↗2024-01-03

▶

CVEList

NULL Pointer Dereference in Wireshark↗2024-01-03

▶

GHSA

GHSA-jccx-fvx2-cqjj: IEEE 1609↗2024-01-03

▶

📋Vendor Advisories

Microsoft

NULL Pointer Dereference in Wireshark↗2024-01-09

▶

Red Hat

wireshark: IEEE 1609.2 dissector crash via packet injection or crafted capture file↗2024-01-03

▶

Debian

CVE-2024-0209: wireshark - IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3....↗2024

▶