Denial of Service Vulnerability in Wireshark by The Wireshark Foundation

CVE-2024-24478

Summary

A vulnerability exists in Wireshark versions prior to 4.2.0 that could allow a remote attacker to trigger a denial of service condition. This issue arises from the way certain components, specifically within the dissect_bgp_open function, handle packet parsing. The vendor has disputed the existence of this vulnerability in version 4.2.0 and later versions, asserting that these releases are not affected. It's crucial for users to ensure they are running an updated version of Wireshark to minimize any potential risks.

References