Out-of-bounds Read in Wireshark
CVE-2024-0207

7.8HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 3 January 2024

Summary

A vulnerability in Wireshark, specifically in version 4.2.0, allows for a denial of service due to an HTTP3 dissector crash. This vulnerability can be exploited through packet injection or by utilizing a specially crafted capture file, potentially disrupting service availability. Users are encouraged to assess their environments for exposure to this vulnerability.

Affected Version(s)

Wireshark 4.2.0 < 4.2.1

References

https://www.wireshark.org/security/wnpa-sec-2024-03.html

https://gitlab.com/wireshark/wireshark/-/issues/19502

issue-tracking

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 3, 2024
Vulnerability Reserved
Jan 3, 2024

Credit

Dexter Gerig