Vulnerability Details : CVE-2024-9781
AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file
Vulnerability category: Denial of service
Products affected by CVE-2024-9781
- cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
- cpe:2.3:a:wireshark:wireshark:4.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2024-9781
- 0.09%: Probability of exploitation activity in the next 30 days
- ~27%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-9781
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | N/A | N/A | GitLab Inc. | 2024-10-10 |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | GitLab Inc. | 2024-10-10 |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | 2024-11-25 |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | N/A | N/A | RedHat-CVE-2024-9781 | 2024-10-10 |
CWE ids for CVE-2024-9781
- The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.
  Assigned by:
  - ceab7361-8a18-47b1-92ba-4d7d25f6715a (Primary)
  - cve@gitlab.com (Secondary)
References for CVE-2024-9781
- https://www.wireshark.org/security/wnpa-sec-2024-13.html
  Wireshark • wnpa-sec-2024-13 AppleTalk and RELOAD Framing dissector crashes (Vendor Advisory)
- https://gitlab.com/wireshark/wireshark/-/issues/20114
  Fuzz job crash: fuzz-2024-10-08-7201.pcap (#20114) · Issues · Wireshark Foundation / Wireshark · GitLab (Patch)