FiveCo RAP Dissector Denial of Service Vulnerability
CVE-2024-11595

7.8HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 21 November 2024

Summary

The Wireshark application experiences a vulnerability within the FiveCo RAP dissector, spanning versions 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8. This vulnerability allows an attacker to exploit an infinite loop condition, resulting in a denial of service. This can be achieved through packet injection or by utilizing a specially crafted capture file. Users are advised to apply the necessary updates or patches to mitigate the risk associated with this vulnerability. Compliance with security recommendations is crucial to maintaining robust network defenses.

Affected Version(s)

Wireshark 4.4.0 < 4.4.2

Wireshark 4.2.0 < 4.2.9

References

https://www.wireshark.org/security/wnpa-sec-2024-14.html

https://gitlab.com/wireshark/wireshark/-/issues/20176

issue-trackingpermissions-required

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 21, 2024
Vulnerability Reserved
Nov 21, 2024