CVE-2024-8645

MEDIUM

Wireshark 4.0.0-4.0.15 and 4.2.0-4.2.5 - Denial of Service via SPRT Dissector

Title source: llm

SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file

Core 3

Core References

Vendor Advisory

Mailing List

Issue Tracking issue-tracking permissions-required

CVSS v3 5.5

EPSS 0.0021

EPSS Percentile 10.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

CWE

CWE-824

Status published

Products (3)

wireshark/wireshark 4.0.0 - 4.0.16

Wireshark Foundation/Wireshark 4.0.0 - 4.0.16

Wireshark Foundation/Wireshark 4.2.0 - 4.2.6

Published Sep 10, 2024

Tracked Since Feb 18, 2026