DescriptionIn Wireshark 2.4.0 to 2.4.11, the ENIP dissector could crash. This was addressed in epan/dissectors/packet-enip.c by changing the memory-management approach so that a use-after-free is avoided.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
wireshark (PTS)buster2.6.20-0+deb10u4fixed
buster (security)2.6.20-0+deb10u7fixed
bullseye (security), bullseye3.4.10-0+deb11u1fixed
bookworm, bookworm (security)4.0.6-1~deb12u1fixed
sid, trixie4.0.8-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
wiresharksourcejessie(not affected)


[jessie] - wireshark <not-affected> (Vulnerable code not present);a=commit;h=1c66174ec7aa19e2ddc79178cf59f15a654fc4fe
Fix for 2.4.x was a cherry pick of:;a=commit;h=177962a5b4a05759b40fb6fc07a4a6eec306a9bf (2.5.1)

Search for package or bug name: Reporting problems