CVE-2024-0208

Summary

GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

Affected Software

VendorProductVersion RangeStatus
Wireshark FoundationWireshark4.2.0 < 4.2.1affected
Wireshark FoundationWireshark4.0.0 < 4.0.12affected
Wireshark FoundationWireshark3.6.0 < 3.6.20affected

Weaknesses

  • CWE-230: CWE-230: Improper Handling of Missing Values

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References