CVE-2024-9781Improper Handling of Missing Values in Foundation Wireshark

CWE-230Improper Handling of Missing Values6 documents6 sources
Severity
7.5HIGHNVD
CNA7.8
EPSS
0.2%
top 60.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Wireshark Foundation WiresharkWireshark
Timeline
PublishedOct 10

Description

AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDwireshark/wireshark4.2.04.2.8+1
CVEListV5wireshark_foundation/wireshark4.4.04.4.1+1
Debianwireshark/wireshark< 3.4.16-0+deb11u2+2

Patches

Patch: gitlab.com

🔴Vulnerability Details

3
OSV
CVE-2024-9781: AppleTalk and RELOAD Framing dissector crash in Wireshark 42024-10-10
CVEList
Improper Handling of Missing Values in Wireshark2024-10-10
GHSA
GHSA-752v-9q7h-jp65: AppleTalk and RELOAD Framing dissector crash in Wireshark 42024-10-10

📋Vendor Advisories

2
Red Hat
wireshark: Improper Handling of Missing Values in Wireshark2024-10-10
Debian
CVE-2024-9781: wireshark - AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2...2024
CVE-2024-9781 — Improper Handling of Missing Values | cvebase