CVE-2024-0209

Name: CVE-2024-0209
Description: IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs: 1059925

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     Release                        Version            Status
wireshark (PTS)    buster                         2.6.20-0+deb10u4   vulnerable
                   buster (security)              2.6.20-0+deb10u8   vulnerable
                   bullseye (security), bullseye  3.4.10-0+deb11u1   vulnerable
                   bookworm, bookworm (security)  4.0.11-1~deb12u1   vulnerable
                   sid, trixie                    4.2.4-1            fixed

The information below is based on the following data on fixed versions.

Package     Type     Release     Fixed Version   Urgency   Origin   Debian Bugs
wireshark   source   (unstable)  4.2.2-1                            1059925

Notes

[bookworm] - wireshark <no-dsa> (Minor issue)
[bullseye] - wireshark <no-dsa> (Minor issue)
[buster] - wireshark <no-dsa> (Minor issue)
https://www.wireshark.org/security/wnpa-sec-2024-02.html
https://gitlab.com/wireshark/wireshark/-/issues/19501
The bug report references two crashes; this entry covers the one labelled "BUG log 2".
The more severe "Bug log 1" only affected unreleased versions.
