Wireshark 4.2.0 Zigbee TLV Dissector Crash (CVE-2024-0210)
CVE-2024-0210 Published on January 3, 2024

Uncontrolled Recursion in Wireshark
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

NVD

Vulnerability Analysis

CVE-2024-0210 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

LOCAL

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

What is a Stack Exhaustion Vulnerability?

The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.

CVE-2024-0210 has been classified to as a Stack Exhaustion vulnerability or weakness.

Products Associated with CVE-2024-0210

Want to know whenever a new CVE is published for Wireshark? stack.watch will email you.

Wireshark

Affected Versions

Wireshark Foundation Wireshark:

Version 4.2.0 and below 4.2.1 is affected.

Exploit Probability

EPSS

0.07%

Percentile

22.29%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Wireshark 4.2.0 Zigbee TLV Dissector Crash (CVE-2024-0210)CVE-2024-0210 Published on January 3, 2024

Vulnerability Analysis

Weakness Type

What is a Stack Exhaustion Vulnerability?

Products Associated with CVE-2024-0210

Affected Versions

Exploit Probability

Wireshark 4.2.0 Zigbee TLV Dissector Crash (CVE-2024-0210)
CVE-2024-0210 Published on January 3, 2024