NTLMSSP Dissector Denial of Service Vulnerability
CVE-2024-8250

7.8HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 29 August 2024

What is CVE-2024-8250?

A vulnerable NTLMSSP dissector in Wireshark versions 4.2.0 through 4.0.6 and 4.0.0 through 4.0.16 can lead to a potential denial of service. This vulnerability allows attackers to exploit the software by injecting specially crafted packets or using malicious capture files, causing the application to crash. Network administrators using these versions should take precautions to mitigate this risk and update to secure versions.

Affected Version(s)

Wireshark 4.2.0 < 4.2.7

Wireshark 4.0.0 < 4.0.17

References

https://www.wireshark.org/security/wnpa-sec-2024-11.html

https://gitlab.com/wireshark/wireshark/-/issues/19943

issue-trackingpermissions-required

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 29, 2024

JSON