Buffer Overflow Vulnerability in Wireshark by The Wireshark Foundation
CVE-2024-24479
Currently unrated
Summary
A buffer overflow has been identified in versions of Wireshark prior to 4.2.0 that could potentially allow a remote attacker to cause a denial of service. The vendor has disputed the claims about affected releases; users should nevertheless ensure they are running the latest version of Wireshark to mitigate potential risk. The attack vectors are associated with the handling of the components wsutil/to_str.c and format_fractional_part_nsecs, which could be manipulated to exploit this weakness.