wnpa-sec-2024-08 · Editcap byte chopping crash
Summary
Name: Editcap byte chopping crash
Docid: wnpa-sec-2024-08
Date: May 15, 2024
Affected versions: 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, 3.6.0 to 3.6.22
Fixed versions: 4.2.5, 4.0.15, 3.6.23
References:
Wireshark issue 19724.
CVE-2024-4853.
Details
Description
The editcap command line utility could crash when chopping bytes from the beginning of a packet.
Impact
Discovered by Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.
We are unaware of any active exploits for this issue. It may be possible to make editcap crash by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.2.5, 4.0.15, 3.6.23 or later.