CVE-2024-24476

7.5 HIGH

📋 TL;DR

This CVE describes a disputed buffer overflow in Wireshark's address resolution and manufacturer (OUI) lookup code that a remote attacker could allegedly trigger with crafted packets to crash the analyzer (denial of service only; no code execution is claimed). The Wireshark developers dispute the report and state that no release was affected. Anyone analyzing untrusted traffic or capture files with a build older than 4.2.0 is in scope if the report is correct; treat the 4.2.0 upgrade as routine hygiene rather than a confirmed fix.

💻 Affected Systems

Products:
  • Wireshark
Versions: Versions before 4.2.0 (disputed by vendor, which states no release was affected)
Operating Systems: All platforms running Wireshark or TShark
Default Config Vulnerable: ⚠️ Yes (MAC address resolution is on by default), subject to the vendor's dispute
Notes: The vendor disputes that this vulnerability exists. The input is packet data, so the exposure exists both while capturing live traffic and when opening a capture file (pcap/pcapng) received from someone else.

📦 What is this software?

Wireshark is an open-source network protocol analyzer that captures live traffic or reads saved capture files and dissects every frame for interactive inspection. TShark is its command-line counterpart and shares the same dissection and name-resolution code.

⚠️ Risk & Real-World Impact

🔴 Worst Case: A remote attacker crashes Wireshark with specially crafted frames, killing the analyst's session (unsaved capture state is lost) and disrupting network analysis until the tool is restarted.

🟠 Likely Case: Denial of service: Wireshark or TShark crashes while dissecting the malicious packets; nothing beyond the analyzer process is affected.

🟢 If Mitigated: No impact on builds at or above 4.2.0, or where traffic filtering keeps the crafted packets from reaching the analyzer.

🌐 Internet-Facing: LOW - Wireshark is typically not internet-facing; requires malicious traffic to reach the analysis system.
🏢 Internal Only: MEDIUM - Internal attackers could craft packets to crash Wireshark instances used for network monitoring.

🎯 Exploit Status

Public PoC: ⚠️ Yes (per the references)
Weaponized: Not known; the vendor states no release was affected, so the page's "likely" rating is not supported by evidence
Unauthenticated Exploit: ⚠️ Yes (the analyzer needs no credentials to process a frame)
Complexity: LOW

A proof of concept is available in the references. Exploitation requires getting crafted packets onto a segment the analyzer captures on, or getting the analyst to open a crafted capture file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.2.0 (the vendor disputes the vulnerability, so this is the first release the report considers unaffected rather than a release carrying a specific fix)

Vendor issue tracker: https://gitlab.com/wireshark/wireshark/-/issues/19344

Restart Required: No system reboot; restart any running Wireshark or TShark instance after upgrading.

Instructions:

1. Update Wireshark to version 4.2.0 or later.
2. On Linux: use the distribution package manager (apt/yum) or the Wireshark project's own packages if the distribution ships an older branch.
3. On Windows: download the installer from wireshark.org.
4. Verify the installed version with tshark --version (on Windows the GUI binary does not print to the console; use tshark, or Help → About Wireshark in the GUI).

🔧 Temporary Workarounds

Disable MAC address resolution (platforms: all)

The suspect code path is the address resolution and manufacturer (OUI) lookup. Turning MAC name resolution off keeps Wireshark from running that lookup on captured frames. This is a precaution, not a verified fix, since the vendor maintains the bug does not exist.

GUI: Edit → Preferences → Name Resolution → uncheck "Resolve MAC addresses" (also reachable as View → Name Resolution → Resolve Physical Addresses)
Preferences file: set nameres.mac_name: FALSE
TShark: run with -n, which disables all name resolution

Analyze → Enabled Protocols lets you switch off dissectors you do not need, which trims attack surface generally but does not by itself disable address resolution.

Network segmentation (platforms: all)

Isolate Wireshark systems from untrusted networks, and treat capture files received from outside as untrusted input.

🧯 If You Can't Patch

  • Restrict Wireshark usage to trusted network segments only
  • Open capture files from third parties only on a build at or above 4.2.0, or with MAC name resolution disabled
  • Monitor the capture hosts for Wireshark/TShark crashes (see Detection & Monitoring below)

🔍 How to Verify

Check if Vulnerable:

Print the installed version: tshark --version | head -1 (or wireshark --version on Linux/macOS; on Windows the GUI binary does not print to the console, so use tshark or Help → About Wireshark). A version below 4.2.0 is in the reported range; because the vendor disputes the report, that is not confirmation the build is actually vulnerable.

Check Version:

tshark --version

Verify Fix Applied:

Confirm the version is 4.2.0 or later: tshark --version. Compare numerically, not as strings (4.10.0 is newer than 4.2.0).
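The version check above, as an added example (this is not code from the CVE page or from the Wireshark project): it parses the banner that tshark --version or wireshark --version prints, compares it numerically with 4.2.0, and, when run directly, looks up whichever binary is on PATH. The banner strings in the comments are assumptions about the banner layout; the only thing the code relies on is that the first X.Y.Z triple is the version. A "below 4.2.0" result means "not at the version the page calls fixed", not "confirmed vulnerable", since the vendor disputes the report.

```python
"""Added example: is the installed Wireshark/TShark at or above 4.2.0?

Not code from the CVE page or the Wireshark project. Assumes only that the
`--version` banner contains the release as the first X.Y.Z triple.
"""
from __future__ import annotations

import re
import shutil
import subprocess

FIXED_VERSION = (4, 2, 0)  # first release the page lists as patched

# First X.Y.Z triple in a banner such as (constructed example)
#   "TShark (Wireshark) 4.0.11 (Git v4.0.11 packaged as 4.0.11-1)"
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner: str) -> tuple[int, int, int] | None:
    """Return (major, minor, patch) from a version banner, or None."""
    m = _VERSION_RE.search(banner)
    if m is None:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_fixed(banner: str) -> bool:
    """True when the banner reports 4.2.0 or later.

    Tuple comparison is used on purpose: as strings, "4.10.0" < "4.2.0",
    which would misclassify a newer build as vulnerable.
    """
    version = parse_version(banner)
    if version is None:
        raise ValueError(f"no X.Y.Z version in banner: {banner!r}")
    return version >= FIXED_VERSION


def installed_banner() -> str | None:
    """First line of `tshark --version`, falling back to `wireshark --version`.

    tshark is tried first because on Windows the GUI binary does not write
    its banner to the console. Returns None if neither binary is on PATH.
    """
    for exe in ("tshark", "wireshark"):
        path = shutil.which(exe)
        if path is None:
            continue
        proc = subprocess.run([path, "--version"], capture_output=True, text=True)
        lines = proc.stdout.splitlines()
        return lines[0] if lines else None
    return None


if __name__ == "__main__":
    banner = installed_banner()
    if banner is None:
        print("tshark/wireshark not found on PATH")
    else:
        verdict = "at or above 4.2.0" if is_fixed(banner) else "below 4.2.0: update"
        print(f"{banner} -> {verdict}")
```

Run it on each capture host, or feed is_fixed() the banner collected by your inventory tooling; the parse/compare functions do not need the binary present.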

📡 Detection & Monitoring

Log Indicators:

  • Wireshark or TShark crashes on the capture host: on Linux, the kernel's segfault/general protection fault line for wireshark[…] or tshark[…] in the journal or syslog, and core dumps listed by coredumpctl; on Windows, Application log Event ID 1000 (Application Error) with Faulting application name Wireshark.exe or tshark.exe
  • Repeated crashes at the same module (for example libwireshark) while a particular capture or segment is being analyzed

Network Indicators:

  • Wireshark does not listen on any port; every frame it captures is input. Look for malformed or anomalous frames on the monitored segment rather than for traffic "targeting" the analyzer
  • Frames that Wireshark itself flags as Malformed Packet (expert info) in captures taken just before a crash

SIEM Query (example; index and sourcetype names are placeholders to adapt to your deployment):

(sourcetype=syslog OR sourcetype=journald) ("segfault" OR "general protection fault") ("wireshark[" OR "tshark[")
OR (sourcetype="WinEventLog:Application" EventCode=1000 ("Wireshark.exe" OR "tshark.exe"))

A crash by itself does not prove exploitation; dissector crashes have many benign causes. Correlate with the capture that was open at the time.
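The detection logic described above, as an added example (not code from the CVE page or from Wireshark): it scans host log lines for Wireshark/TShark crash records in the two formats named above, the Linux kernel segfault/GPF report and the Windows Application log Event ID 1000 text flattened onto one line the way log forwarders usually ship it. The sample log lines are constructed for the example, not real incident data; process names, PIDs, addresses and module versions in them are made up.

```python
"""Added example: find Wireshark/TShark crash records in host logs.

Not code from the CVE page or the Wireshark project. Assumes the two log
formats below; the sample lines are constructed, not real events.
"""
from __future__ import annotations

import re
import sys

# Linux: the kernel's report for the crashing process, e.g.
#   kernel: tshark[4242]: segfault at 0 ip ... sp ... error 4 in libwireshark.so.17...[...]
#   kernel: traps: wireshark[5150] general protection fault ip:... in libwireshark.so...
LINUX_RE = re.compile(
    r"\b(?P<proc>wireshark|tshark|rawshark|dumpcap)\[(?P<pid>\d+)\]:? "
    r"(?P<fault>segfault|general protection fault)"
)
LINUX_MODULE_RE = re.compile(r" in (?P<module>[^\s\[]+)")  # "in <module>[addr+len]"

# Windows: Application log Event ID 1000 (Application Error), one line per event.
WINDOWS_RE = re.compile(
    r"Faulting application name: (?P<proc>Wireshark\.exe|tshark\.exe).*?"
    r"Faulting module name: (?P<module>[^,]+),.*?"
    r"Exception code: (?P<code>0x[0-9a-fA-F]+)",
    re.IGNORECASE,
)


def find_wireshark_crashes(lines):
    """Return one record per Wireshark/TShark crash found in `lines`."""
    hits = []
    for line in lines:
        m = LINUX_RE.search(line)
        if m:
            mod = LINUX_MODULE_RE.search(line, m.end())
            hits.append({
                "os": "linux",
                "process": m["proc"],
                "pid": int(m["pid"]),
                "module": mod["module"] if mod else None,
                "detail": m["fault"],
            })
            continue
        m = WINDOWS_RE.search(line)
        if m:
            hits.append({
                "os": "windows",
                "process": m["proc"].lower(),
                "pid": None,
                "module": m["module"].strip(),
                "detail": m["code"].lower(),  # 0xc0000005 = access violation
            })
    return hits


# Constructed sample lines (hostnames, PIDs, addresses and versions are made up).
SAMPLE_LOG = [
    "Mar 12 09:14:02 sensor01 kernel: [81234.567890] tshark[4242]: segfault at 0 "
    "ip 00007f7a1c2b3c4d sp 00007ffd11223344 error 4 in libwireshark.so.17.0.3[7f7a1c000000+1800000]",
    "Mar 12 09:14:05 sensor01 systemd[1]: Started Session 12 of user analyst.",
    "Mar 12 09:20:11 sensor01 kernel: [81600.000001] traps: wireshark[5150] general protection fault "
    "ip:7f01a2b3c4d5 sp:7ffd00112233 error:0 in libwireshark.so.17.0.3[7f01a2000000+1800000]",
    "Faulting application name: Wireshark.exe, version: 4.0.10.0, time stamp: 0x6542a1b3, "
    "Faulting module name: libwireshark.dll, version: 4.0.10.0, time stamp: 0x6542a1b3, "
    "Exception code: 0xc0000005, Fault offset: 0x00000000001a2b3c",
    "Faulting application name: notepad.exe, version: 10.0.19041.1, time stamp: 0x00000000, "
    "Faulting module name: ntdll.dll, version: 10.0.19041.1, Exception code: 0xc0000005",
]


if __name__ == "__main__":
    # Pipe real logs in (e.g. `journalctl -k | python3 this_script.py`);
    # with no stdin the constructed sample is scanned instead.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LOG
    for hit in find_wireshark_crashes(source):
        print(hit)
```

Only the Wireshark family of processes (wireshark, tshark, rawshark, dumpcap) is matched on Linux, so a notepad.exe or sshd fault in the same log produces no record. A hit identifies a crash to triage, not an exploit: pair it with the capture file or interface that was being analyzed.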
