A vulnerability tracked as CVE-2024-24478 has recently been reported in Wireshark versions before 4.2., potentially allowing a malicious remote attacker to cause a Denial of Service (DoS). The report names packet-bgp.c, the function dissect_bgp_open(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo), and the optlen variable as the affected components. However, it is essential to note that the vendor of Wireshark actively disputes this claim, stating that neither release 4.2. nor any other release is affected by this issue.

The code identified in the report lies in packet-bgp.c and contains the following lines:

dissect_bgp_open(tvbuff_t *tvb, proto_tree *tree, packet_info *pinfo){
  guint8 optlen;
  ...
  optlen = tvb_get_guint8(tvb, offset); // vulnerable line
  ...
}

As the excerpt shows, the variable optlen, which stores the length of the BGP OPEN options, is assigned the return value of the tvb_get_guint8() function. This is the line the CVE report points to as letting a remote attacker cause a Denial of Service.
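What matters for a one-byte length such as optlen is how it is bounded against the bytes actually captured before it is used to walk the options. The following is an added example, not Wireshark's code: a standalone check over a raw BGP OPEN message laid out per RFC 4271, where check_bgp_open, the enum values and the sample bytes are hypothetical names and constructed data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Full BGP OPEN (RFC 4271): 19-byte header, version(1), my AS(2),
 * hold time(2), BGP identifier(4), opt parm len(1), optional parameters. */
#define OPTLEN_OFF 28   /* 19 + 9: the one-byte Opt Parm Len field */
#define PARAMS_OFF 29   /* first optional-parameter byte */

enum open_check { OPEN_OK, OPEN_TRUNCATED, OPTLEN_OVERRUN, PARAM_OVERRUN };

/* Constructed sample: OPEN from AS 65001 carrying one capability parameter. */
static const uint8_t sample_open[37] = {
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x00, 0x25, 0x01,                                /* length 37, type OPEN */
    0x04, 0xfd, 0xe9, 0x00, 0xb4, 0xc0, 0x00, 0x02, 0x01,
    0x08,                                            /* opt parm len */
    0x02, 0x06, 0x01, 0x04, 0x00, 0x01, 0x00, 0x01   /* capability: MP IPv4 unicast */
};

/* Hypothetical helper: walk the optional parameters of a captured OPEN
 * without reading past buf[len - 1]; counts well-formed parameters. */
enum open_check check_bgp_open(const uint8_t *buf, size_t len, unsigned *nparams)
{
    *nparams = 0;
    if (len < PARAMS_OFF)
        return OPEN_TRUNCATED;            /* the optlen byte itself is missing */
    size_t optlen = buf[OPTLEN_OFF];      /* 0..255, chosen by the sender */
    if (optlen > len - PARAMS_OFF)
        return OPTLEN_OVERRUN;            /* claims more bytes than were captured */
    size_t off = PARAMS_OFF, end = PARAMS_OFF + optlen;
    while (off < end) {
        if (end - off < 2)
            return PARAM_OVERRUN;         /* no room for type + length bytes */
        size_t plen = buf[off + 1];
        if (plen > end - off - 2)
            return PARAM_OVERRUN;         /* value spills past the optlen area */
        off += 2 + plen;                  /* always advances, so the loop ends */
        (*nparams)++;
    }
    return OPEN_OK;
}

int main(void)
{
    unsigned n;
    printf("full capture: %d\n", check_bgp_open(sample_open, sizeof sample_open, &n));
    printf("cut at 33 bytes: %d\n", check_bgp_open(sample_open, 33, &n));
    return 0;
}
```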

For more information regarding the CVE-2024-24478 vulnerability, refer to these official sources:

- National Vulnerability Database (NVD) - CVE-2024-24478
- Common Vulnerabilities and Exposures (CVE) - CVE-2024-24478

Exploit Details

The security issue, as stated earlier, targets critical components of the Wireshark software. With a successful exploit, the attacker could potentially run a remote DoS attack that would cause the target system to crash or become unresponsive, negatively affecting users.

However, it is imperative to note the vendor's statement on this matter: Wireshark maintains that neither the 4.2. release nor any other release is affected by CVE-2024-24478. This disagreement between the parties leaves some uncertainty about the validity and potential impact of this vulnerability.

Conclusion

While CVE-2024-24478 remains a point of contention between the software creator and the discovering party, it is crucial for those working with or managing Wireshark to stay informed on this topic. In the event that this vulnerability is validated, patches and updates should be applied swiftly to mitigate potential risks.

As with any publicly disclosed vulnerability, CVE-2024-24478 may be used maliciously by those seeking to compromise network infrastructure and services. Please ensure that your systems are up to date and follow recommended best practices in network security.

Timeline

Published on: 02/21/2024 17:15:09 UTC
Last modified on: 05/17/2024 02:36:45 UTC