CNVD-2024-39271 — Vulnetix

CNVD-2024-39271 PUBLISHED CVSS 7.800000190734863 HIGH

Wireshark是一款非常流行的网络封包分析软件，可以截取各种网络数据包，并显示数据包详细信息。 Wireshark在4.2.0版本中存在拒绝服务漏洞。受影响版本的Wireshark中的HTTP3解析器崩溃允许通过数据包注入或精心制作的捕获文件拒绝服务。攻击者可利用该漏洞设计制作恶意文件从而发起攻击，对站点系统进行拒绝服务攻击。

Risk Scores

CVSS v3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Wireshark Foundation	Wireshark	4.2.0

Timeline

Jan 3, 2024 CVE Published
Jan 3, 2024 PoC Published
Jan 4, 2024 PoC Published
Jan 9, 2024 PoC Published
Jan 23, 2024 PoC Published

References

https://www.wireshark.org/security/wnpa-sec-2024-03.html url
GitLab Issue #19502 issue

Open in Interactive Console →