{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-9781", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-10-10T06:30:44.702Z", "datePublished": "2024-10-10T06:30:54.729Z", "dateUpdated": "2024-10-10T14:37:33.798Z"}, "containers": {"cna": {"title": "Improper Handling of Missing Values in Wireshark", "descriptions": [{"lang": "en", "value": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file"}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "4.4.1", "versionType": "semver"}, {"version": "4.2.0", "status": "affected", "lessThan": "4.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-230: Improper Handling of Missing Values", "cweId": "CWE-230", "type": "CWE"}]}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-13.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20114", "name": "GitLab Issue #20114", "tags": ["issue-tracking", "permissions-required"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.4.1, 4.2.8 or above."}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-10T06:30:54.729Z"}}, "adp": [{"affected": [{"vendor": "wireshark", "product": "wireshark", "cpes": ["cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "4.4.0", "status": "affected", "lessThan": "4.4.1", "versionType": "semver"}, {"version": "4.2.0", "status": "affected", "lessThan": "4.2.8", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-10T14:36:27.444352Z", "id": "CVE-2024-9781", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T14:37:33.798Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-9781", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-10-10T14:36:27.444352Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"], "vendor": "wireshark", "product": "wireshark", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.1", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-10T14:37:25.815Z"}}], "cna": {"title": "Improper Handling of Missing Values in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.1", "versionType": "semver"}, {"status": "affected", "version": "4.2.0", "lessThan": "4.2.8", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to version 4.4.1, 4.2.8 or above."}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-13.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/20114", "name": "GitLab Issue #20114", "tags": ["issue-tracking", "permissions-required"]}], "descriptions": [{"lang": "en", "value": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-230", "description": "CWE-230: Improper Handling of Missing Values"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-10T06:30:54.729Z"}}}, "cveMetadata": {"cveId": "CVE-2024-9781", "state": "PUBLISHED", "dateUpdated": "2024-10-10T14:37:33.798Z", "dateReserved": "2024-10-10T06:30:44.702Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-10-10T06:30:54.729Z", "assignerShortName": "GitLab"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEEEB07E-F484-45D2-AD9F-3F25907DAB4D", "versionEndExcluding": "4.2.8", "versionStartIncluding": "4.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:4.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "662044CC-EE04-4410-A391-33B612CD1C3E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "El fallo del disector de AppleTalk y RELOAD Framing en Wireshark 4.4.0 y 4.2.0 a 4.2.7 permite la denegaci\u00f3n de servicio a trav\u00e9s de la inyecci\u00f3n de paquetes o un archivo de captura manipulado"}], "id": "CVE-2024-9781", "lastModified": "2024-11-25T18:09:33.853", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-10-10T07:15:04.100", "references": [{"source": "cve@gitlab.com", "tags": ["Patch"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/20114"}, {"source": "cve@gitlab.com", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-13.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-230"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: Improper Handling of Missing Values in Wireshark", "id": "2317746", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2317746"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-230", "details": ["AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file", "A flaw was found in the AppleTalk and RELOAD Framing dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an invalid read memory access and a denial of service."], "mitigation": {"lang": "en:us", "value": "If the AppleTalk and RELOAD Framing protocol dissectors are not being used, they can be disabled via the \"Enabled Protocols\" dialog box in the Wireshark GUI application. This will also disable the protocol dissectors when using \"tshark\", the command line tool.\nSee the links below for instructions to disable a protocol in Wireshark, specifically the \"Control Protocol Dissection\" section and the \"disabled_protos\" configuration file option.\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChCustProtocolDissectionSection.html\nhttps://www.wireshark.org/docs/wsug_html_chunked/ChAppFilesConfigurationSection.html"}, "name": "CVE-2024-9781", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-10-10T06:30:54Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-9781\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-9781\nhttps://gitlab.com/wireshark/wireshark/-/issues/20114\nhttps://www.wireshark.org/security/wnpa-sec-2024-13.html"], "statement": "This vulnerability will cause a crash in Wireshark with no other security impact. For this reason, this flaw has been rated with a moderate severity.\nAdditionally, Wireshark as shipped in Red Hat Enterprise Linux 8 and 9 is not affected by this vulnerability.", "threat_severity": "Moderate"}