CVE-2024-8645: Access of Uninitialized Pointer in Foundation Wireshark

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 76.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Sep 10

Description

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (3 packages)

NVD | wireshark/wireshark | 4.0.0 | 4.0.16 | +1
CVEListV5 | wireshark_foundation/wireshark | 4.2.0 | 4.2.6 | +1
Debian | wireshark/wireshark | < 3.4.16-0+deb11u1 | +3

Vulnerability Details (3)

GHSA
GHSA-gr6m-q82v-j96h: SPRT dissector crash in Wireshark 4 (2024-09-10)
OSV
CVE-2024-8645: SPRT dissector crash in Wireshark 4 (2024-09-10)
CVEList
Access of Uninitialized Pointer in Wireshark (2024-09-10)

Vendor Advisories (2)

Microsoft
Access of Uninitialized Pointer in Wireshark (2024-09-10)
Debian
CVE-2024-8645: wireshark - SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows deni... (2024)
CVE-2024-8645 — Access of Uninitialized Pointer | cvebase