CVE-2024-4855
Severity: LOW
Wireshark 3.6.0-3.6.22 and 4.0.0-4.0.14 and 4.2.0-4.2.4 - Use-After-Free via Crafted Capture File
Title source: llm
Description
Use after free issue in editcap could cause denial of service via crafted capture file
References (6)
Core References
Vendor Advisory
https://www.wireshark.org/security/wnpa-sec-2024-08.html
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/
Mailing List
https://lists.fedoraproject.org/archives/list/[email protected]/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/
Exploit, Issue Tracking (permissions required)
https://gitlab.com/wireshark/wireshark/-/issues/19782
Exploit, Issue Tracking (permissions required)
https://gitlab.com/wireshark/wireshark/-/issues/19783
Exploit, Issue Tracking (permissions required)
https://gitlab.com/wireshark/wireshark/-/issues/19784
Scores
CVSS v3
3.6
EPSS
0.0002
EPSS Percentile
6.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-416
Status
published
Products (6)
fedoraproject/fedora
39
fedoraproject/fedora
40
wireshark/wireshark
3.6.0 - 3.6.23
Wireshark Foundation/editcap
3.6.0 - 3.6.23
Wireshark Foundation/editcap
4.0.0 - 4.0.15
Wireshark Foundation/editcap
4.2.0 - 4.2.5
Published
May 14, 2024
Tracked Since
Feb 18, 2026