CVE-2024-0208

7.8 HIGH

📋 TL;DR

This vulnerability in Wireshark's GVCP dissector allows remote attackers to cause a denial of service (crash) by injecting specially crafted packets or providing a malicious capture file. It affects Wireshark versions 4.2.0, 4.0.0-4.0.11, and 3.6.0-3.6.19. Users who analyze untrusted network traffic or capture files are at risk.

💻 Affected Systems

Products:
  • Wireshark
Versions: 4.2.0, 4.0.0 to 4.0.11, 3.6.0 to 3.6.19
Operating Systems: All platforms running affected Wireshark versions
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the GVCP (GigE Vision Control Protocol) dissector. Any configuration using Wireshark to analyze GVCP traffic is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Wireshark crashes repeatedly when processing malicious traffic, preventing network analysis and potentially disrupting monitoring workflows.

🟠 Likely Case

Temporary denial of service where Wireshark crashes when encountering specially crafted GVCP packets, requiring restart.

🟢 If Mitigated

Minimal impact if Wireshark is not used to analyze untrusted traffic or if patched versions are deployed.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; it's a network analysis tool used internally.
🏢 Internal Only: MEDIUM - Internal users analyzing potentially malicious traffic or untrusted capture files could experience crashes.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires the attacker to send malicious packets to a network being monitored or provide a crafted capture file. No authentication is needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in Wireshark 4.2.1, 4.0.12, and 3.6.20

Vendor Advisory: https://www.wireshark.org/security/wnpa-sec-2024-01.html

Restart Required: Yes

Instructions:

1. Download the patched version from wireshark.org.
2. Install over existing version.
3. Restart Wireshark and any related services.

🔧 Temporary Workarounds

Disable GVCP dissector

all

Prevents Wireshark from processing GVCP traffic by disabling the dissector

Edit preferences -> Protocols -> GVCP -> Uncheck 'Enable GVCP protocol'

Use tshark with dissector disable

all

Run tshark with GVCP dissector disabled for command-line analysis

tshark --disable-protocol gvcp -r capture.pcap

🧯 If You Can't Patch

  • Avoid analyzing untrusted network traffic or capture files with affected Wireshark versions
  • Use network segmentation to limit exposure to potentially malicious traffic

🔍 How to Verify

Check if Vulnerable:

Check Wireshark version via Help -> About Wireshark or 'wireshark -v' command

Check Version:

wireshark -v

Verify Fix Applied:

Confirm version is 4.2.1, 4.0.12, 3.6.20 or later
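
The version check above as a script, added here as an example (it is not from the Wireshark project or the vendor advisory): it pulls the version out of a `wireshark -v` or `tshark -v` banner line and classifies it against the affected and fixed versions listed on this page. The function names, the sample banner lines and the `unlisted`/`unknown` labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a Wireshark/TShark version for CVE-2024-0208
# using only the version ranges stated on this page.

# Print the first X.Y.Z found on the first line of a version banner.
extract_version() {
    printf '%s\n' "$1" | head -n 1 |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print vulnerable | fixed | unlisted | unknown for a version string.
cve_2024_0208_status() {
    ver=$1
    # Reject anything that is not exactly three dot-separated numbers.
    if ! printf '%s\n' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        echo unknown
        return 0
    fi
    major=${ver%%.*}; rest=${ver#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    case "$major.$minor" in
        4.2) [ "$patch" -ge 1 ]  && echo fixed || echo vulnerable ;;  # 4.2.0 affected
        4.0) [ "$patch" -ge 12 ] && echo fixed || echo vulnerable ;;  # 4.0.0-4.0.11
        3.6) [ "$patch" -ge 20 ] && echo fixed || echo vulnerable ;;  # 3.6.0-3.6.19
        *)
            # Branches newer than 4.2 count as "4.2.1 or later"; anything
            # else is a branch this page says nothing about.
            if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -gt 2 ]; }; then
                echo fixed
            else
                echo unlisted
            fi ;;
    esac
}

# Constructed sample banner lines (not captured from a real host).
for banner in \
    'Wireshark 4.2.0 (constructed sample).' \
    'TShark (Wireshark) 4.0.12 (constructed sample).' \
    'TShark (Wireshark) 3.6.19 (constructed sample).'
do
    v=$(extract_version "$banner")
    printf '%s -> %s\n' "$v" "$(cve_2024_0208_status "$v")"
done
```

On a host with Wireshark installed, pass the output of `tshark -v` (or `wireshark -v`) to `extract_version` and feed the result to `cve_2024_0208_status`; treat `unlisted` and `unknown` as needing a manual check against the vendor advisory.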

📡 Detection & Monitoring

Log Indicators:

  • Wireshark crash logs, unexpected termination events

Network Indicators:

  • Unusual GVCP traffic patterns, malformed packets targeting port 3956

SIEM Query:

EventID for application crash containing 'wireshark' or 'tshark'
