Denial of Service Vulnerability in Wireshark by The Wireshark Foundation
CVE-2024-24478

7.5HIGH

Key Information:

Vendor: The Wireshark Foundation
Status: Wireshark
Vendor: CVE Published:; 21 February 2024

🔔 Create The Wireshark Foundation Vulnerability Alert

What is CVE-2024-24478?

A vulnerability exists in Wireshark versions prior to 4.2.0 that could allow a remote attacker to trigger a denial of service condition. This issue arises from the way certain components, specifically within the dissect_bgp_open function, handle packet parsing. The vendor has disputed the existence of this vulnerability in version 4.2.0 and later versions, asserting that these releases are not affected. It's crucial for users to ensure they are running an updated version of Wireshark to minimize any potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/wireshark/wireshark/commit/80a4dc55f4d...

https://gitlab.com/wireshark/wireshark/-/issues/19347

https://gist.github.com/1047524396/e82c55147cd3cb62ef20cb...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 21, 2024
Vulnerability Reserved
Jan 25, 2024

JSON

The Wireshark Foundation

What is CVE-2024-24478?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.