Use After Free in editcap
CVE-2024-4855

3.6LOW

Key Information:

Vendor

Wireshark
Status
Editcap
Vendor
CVE Published:
14 May 2024

What is CVE-2024-4855?

Use after free issue in editcap could cause denial of service via crafted capture file

Affected Version(s)

editcap 4.2.0 < 4.2.5

editcap 4.0.0 < 4.0.15

editcap 3.6.0 < 3.6.23

References

https://www.wireshark.org/security/wnpa-sec-2024-08.html
https://gitlab.com/wireshark/wireshark/-/issues/19782
issue-trackingpermissions-required
https://gitlab.com/wireshark/wireshark/-/issues/19783
issue-trackingpermissions-required

CVSS V3.1

Score:
3.6
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.
.