wnpa-sec-2024-09 · Editcap secret injection crash
Summary
Name: Editcap secret injection crash
Docid: wnpa-sec-2024-09
Date: May 15, 2024
Affected versions: 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, 3.6.0 to 3.6.23
Fixed versions: 4.2.5, 4.0.15, 3.6.24
References:
Wireshark issue 19782.
Wireshark issue 19783.
Wireshark issue 19784.
CVE-2024-4855.
Details
Description
The editcap command line utility could crash when injecting secrets while writing multiple files.
Impact
Discovered by Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.
We are unaware of any active exploits for this issue. It may be possible to make editcap crash by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 4.2.5, 4.0.15, 3.6.24 or later.