{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-11596", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-11-21T09:30:49.862Z", "datePublished": "2024-11-21T09:30:59.843Z", "dateUpdated": "2024-11-22T15:41:11.586Z"}, "containers": {"cna": {"title": "Buffer Over-read in Wireshark", "descriptions": [{"lang": "en", "value": "ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "4.4.2", "versionType": "semver"}, {"version": "4.2.0", "status": "affected", "lessThan": "4.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-126: Buffer Over-read", "cweId": "CWE-126", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-15.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20214", "name": "GitLab Issue #20214", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.4.2, 4.2.9 or above."}], "credits": [{"lang": "en", "value": "Ivan Nardi", "type": "finder"}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-11-21T09:30:59.843Z"}}, "adp": [{"affected": [{"vendor": "wireshark", "product": "wireshark", "cpes": ["cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "4.4.2", "versionType": "semver"}, {"version": "4.2.0", "status": "affected", "lessThan": "4.2.9", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-22T15:39:01.101667Z", "id": "CVE-2024-11596", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T15:41:11.586Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-11596", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-22T15:39:01.101667Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"], "vendor": "wireshark", "product": "wireshark", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.2", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-22T15:41:06.136Z"}}], "cna": {"title": "Buffer Over-read in Wireshark", "credits": [{"lang": "en", "type": "finder", "value": "Ivan Nardi"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.2", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.9", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.4.2, 4.2.9 or above."}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-15.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20214", "name": "GitLab Issue #20214", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-126", "description": "CWE-126: Buffer Over-read"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-11-21T09:30:59.843Z"}}}, "cveMetadata": {"cveId": "CVE-2024-11596", "state": "PUBLISHED", "dateUpdated": "2024-11-22T15:41:11.586Z", "dateReserved": "2024-11-21T09:30:49.862Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-11-21T09:30:59.843Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "3399947D-D52C-4CB2-8A4E-22CF6D1727AD", "versionEndExcluding": "4.2.9", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A7A5B30-B5FD-45BE-8AF8-058B13DD1071", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "La falla del disector ECMP en Wireshark 4.4.0 a 4.4.1 y 4.2.0 a 4.2.8 permite la denegaci\u00f3n de servicio a trav\u00e9s de la inyecci\u00f3n de paquetes o un archivo de captura manipulado"}], "id": "CVE-2024-11596", "lastModified": "2025-05-07T16:52:28.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-11-21T11:15:33.350", "references": [{"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20214"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-15.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-126"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: Buffer Over-read in Wireshark", "id": "2327763", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2327763"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-126", "details": ["ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file", "A flaw was found in Wireshark's ECMP dissector. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a buffer over-read and resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "If the ECMP protocol dissector is not being used, it can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissector when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2024-11596", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-11-21T09:30:59Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-11596\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-11596\nhttps://gitlab.com/wireshark/wireshark/-/issues/20214\nhttps://www.wireshark.org/security/wnpa-sec-2024-15.html"], "statement": "This vulnerability will cause a crash in Wireshark with no other security impact. For this reason, this flaw has been rated with a moderate severity.", "threat_severity": "Moderate"}

{}