{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-2955", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-03-26T19:02:07.653Z", "datePublished": "2024-03-26T20:02:08.419Z", "dateUpdated": "2025-11-03T21:54:35.524Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThan": "4.2.4", "status": "affected", "version": "4.2.0", "versionType": "semver"}, {"lessThan": "4.0.14", "status": "affected", "version": "4.0.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-762", "description": "CWE-762: Mismatched Memory Management Routines", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:56.788Z"}, "references": [{"tags": ["broken-link"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html"}, {"name": "GitLab Issue #19695", "tags": ["issue-tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19695"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 4.2.4 or above."}], "title": "Mismatched Memory Management Routines in Wireshark"}, "adp": [{"affected": [{"vendor": "wireshark", "product": "wireshark", "cpes": ["cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "4.2.0", "status": "affected", "lessThan": "4.2.4", "versionType": "semver"}, {"version": "4.0.0", "status": "affected", "lessThan": "4.0.14", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-04-17T11:38:47.749899Z", "id": "CVE-2024-2955", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-10T20:07:56.097Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html", "tags": ["broken-link", "x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/19695", "name": "GitLab Issue #19695", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZD2MNS6EW2K2SSMN4YBGPZCC47KBDNEE/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/Q7TWJQKXOV4HYI5C4TWRKTN7B5YL7GTU/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:54:35.524Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html", "tags": ["broken-link", "x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/19695", "name": "GitLab Issue #19695", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZD2MNS6EW2K2SSMN4YBGPZCC47KBDNEE/", "tags": ["x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/Q7TWJQKXOV4HYI5C4TWRKTN7B5YL7GTU/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:54:35.524Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-2955", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-04-17T11:38:47.749899Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*"], "vendor": "wireshark", "product": "wireshark", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.4", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.14", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T17:40:42.800Z"}}], "cna": {"title": "Mismatched Memory Management Routines in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.4", "versionType": "semver"}, {"status": "affected", "version": "4.0.0", "lessThan": "4.0.14", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 4.2.4 or above."}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html", "tags": ["broken-link"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/19695", "name": "GitLab Issue #19695", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-762", "description": "CWE-762: Mismatched Memory Management Routines"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-08-29T15:04:56.788Z"}}}, "cveMetadata": {"cveId": "CVE-2024-2955", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:54:35.524Z", "dateReserved": "2024-03-26T19:02:07.653Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-03-26T20:02:08.419Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6A599A-7D35-4C3C-94E3-E8B9AF156026", "versionEndExcluding": "4.0.14", "versionStartIncluding": "4.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*", "matchCriteriaId": "6486329E-65BB-4EC3-BEE8-054B3EA697A3", "versionEndExcluding": "4.2.4", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*", "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "La falla del disector T.38 en Wireshark 4.2.0 a 4.0.3 y 4.0.0 a 4.0.13 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"}], "id": "CVE-2024-2955", "lastModified": "2025-11-03T22:16:51.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-03-26T20:15:11.710", "references": [{"source": "[email protected]", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19695"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/Q7TWJQKXOV4HYI5C4TWRKTN7B5YL7GTU/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/ZD2MNS6EW2K2SSMN4YBGPZCC47KBDNEE/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-06.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-762"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-763"}], "source": "[email protected]", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: T.38 dissector crash", "id": "2271741", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271741"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-762", "details": ["T.38 dissector crash in Wireshark 4.2.0 to 4.0.3 and 4.0.0 to 4.0.13 allows denial of service via packet injection or crafted capture file", "A flaw was found in the T.38 dissector of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing a use-after-free problem, resulting in a denial of service."], "name": "CVE-2024-2955", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Will not fix", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-03-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-2955\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-2955\nhttps://www.wireshark.org/security/wnpa-sec-2024-06.html"], "threat_severity": "Moderate"}