CVE-2024-24478 - An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pac

CVE-2024-24478

Summary

An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

References

https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef
https://gitlab.com/wireshark/wireshark/-/issues/19347
https://gist.github.com/1047524396/e82c55147cd3cb62ef20cbdb0ec83694

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

02-08-2024 - 00:15

Published

21-02-2024 - 17:15

Last modified

02-08-2024 - 00:15