CNVD-2024-39274 — Vulnetix

CNVD-2024-39274 PUBLISHED CVSS 5.300000190734863 MEDIUM

Wireshark是一款开源的网络协议分析工具，被广泛应用于实时网络通信、网络故障诊断、网络安全分析等领域。它可以捕获和分析从网络上传输的数据包，提供了强大的过滤器和插件体系，并支持多种协议解析和协议编辑。 Wireshark存在安全漏洞，攻击者可利用该漏洞通过构造恶意捕获文件可触发解析异常，导致Wireshark应用程序崩溃，拒绝服务攻击。

Risk Scores

CVSS 3.1

5.300000190734863

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected Products

Vendor	Product	Versions
Wireshark Foundation	Wireshark	>=4.0.0, <4.0.6, >=3.6.0, <3.6.14

Exploit Intelligence

CIRCL seen: CVE-2023-2857 (circl-sighting)
https://www.wireshark.org/security/wnpa-sec-2023-13.html (circl)
https://gitlab.com/wireshark/wireshark/-/issues/19063 (circl)
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json (circl)
DSA-5429 (circl)
GLSA-202309-02 (circl)

Timeline

May 26, 2023 CVE Published
May 30, 2023 CVE ID Reserved
Jan 15, 2025 PoC Published
May 2, 2026 Distribution Patch
May 2, 2026 Security Advisory
May 2, 2026 Security Advisory

References

https://www.wireshark.org/security/wnpa-sec-2023-13.html url
https://gitlab.com/wireshark/wireshark/-/issues/19063 url
https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2857.json url
DSA-5429 vendor-advisory
GLSA-202309-02 vendor-advisory

Open in Interactive Console →