FiveCo RAP Dissector Denial of Service Vulnerability
CVE-2024-11595

5.5MEDIUM

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 21 November 2024

What is CVE-2024-11595?

The Wireshark application experiences a vulnerability within the FiveCo RAP dissector, spanning versions 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8. This vulnerability allows an attacker to exploit an infinite loop condition, resulting in a denial of service. This can be achieved through packet injection or by utilizing a specially crafted capture file. Users are advised to apply the necessary updates or patches to mitigate the risk associated with this vulnerability. Compliance with security recommendations is crucial to maintaining robust network defenses.

Affected Version(s)

Wireshark 4.4.0 < 4.4.2

Wireshark 4.2.0 < 4.2.9

References

https://www.wireshark.org/security/wnpa-sec-2024-14.html

https://gitlab.com/wireshark/wireshark/-/issues/20176

issue-trackingpermissions-required

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Nov 21, 2024