CVE-2024-2955Mismatched Memory Management Routines in Foundation Wireshark

CWE-762Mismatched Memory Management RoutinesCWE-763Release of Invalid Pointer or Reference7 documents7 sources
Severity
7.5HIGHNVD
CNA7.8
EPSS
0.1%
top 73.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Wireshark Foundation WiresharkWiresharkFedoraproject Fedora
Timeline
PublishedMar 26

Description

T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDwireshark/wireshark4.0.04.0.14+1
CVEListV5wireshark_foundation/wireshark4.2.04.2.4+1
Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

Also affects: Fedora 39, 40

🔴Vulnerability Details

3
CVEList
Mismatched Memory Management Routines in Wireshark2024-03-26
OSV
CVE-2024-2955: T2024-03-26
GHSA
GHSA-gc85-62pw-52fp: T2024-03-26

📋Vendor Advisories

3
Red Hat
wireshark: T.38 dissector crash2024-03-26
Microsoft
Mismatched Memory Management Routines in Wireshark2024-03-12
Debian
CVE-2024-2955: wireshark - T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows deni...2024