AppleTalk Dissector Crash Allows Denial of Service via Packet Injection
CVE-2024-9781

7.5HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 10 October 2024

Summary

A vulnerability present in Wireshark allows for denial of service through the AppleTalk and RELOAD Framing dissectors. This issue arises in versions 4.4.0 and 4.2.0 to 4.2.7 when malicious actors inject packets or utilize specially crafted capture files. Users of the affected versions are encouraged to upgrade their software to maintain optimal security and functionality. This vulnerability emphasizes the importance of securing network analysis tools against potential exploitation vectors.

Affected Version(s)

Wireshark 4.4.0 < 4.4.1

Wireshark 4.2.0 < 4.2.8

References

https://www.wireshark.org/security/wnpa-sec-2024-13.html

https://gitlab.com/wireshark/wireshark/-/issues/20114

issue-trackingpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 10, 2024
Vulnerability Reserved
Oct 10, 2024