wnpa-sec-2024-08 · Editcap byte chopping crash

Summary

Name: Editcap byte chopping crash

Docid: wnpa-sec-2024-08

Date: May 15, 2024

Affected versions: 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, 3.6.0 to 3.6.22

Fixed versions: 4.2.5, 4.0.15, 3.6.23

References:

Wireshark issue 19724.
CVE-2024-4853.

Details

Description

The editcap command line utility could crash when chopping bytes from the beginning of a packet.

Impact

Discovered by Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.

We are unaware of any active exploits for this issue. It may be possible to make editcap crash by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.2.5, 4.0.15, 3.6.23 or later.
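
To check an installed copy against the version ranges above, the following shell functions can be used. This is an added example, not part of the original advisory or of Wireshark. The function names are hypothetical, and the layout of the version banner (a dotted version number as the first number on the first line) is an assumption.

```shell
#!/bin/sh
# Added example: classify an editcap version against wnpa-sec-2024-08.
# Branch and fixed-version numbers are copied from the advisory text.

# Pull the first N.N.N number out of a version banner read on stdin.
# Assumption: the banner's first line carries the version in that form.
extract_version() {
    sed -n '1s/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print one of: affected, fixed, not-listed, invalid.
# "not-listed" means the release branch is not named in the advisory.
classify_editcap_version() {
    ver=$1
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo invalid; return 0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ver                 # split into major, minor, patch
    IFS=$old_ifs
    if [ $# -ne 3 ]; then echo invalid; return 0; fi
    case "$1.$2" in
        4.2) fixed_patch=5 ;;   # affected 4.2.0 to 4.2.4
        4.0) fixed_patch=15 ;;  # affected 4.0.0 to 4.0.14
        3.6) fixed_patch=23 ;;  # affected 3.6.0 to 3.6.22
        *)   echo not-listed; return 0 ;;
    esac
    if [ "$3" -lt "$fixed_patch" ]; then echo affected; else echo fixed; fi
}

# Constructed sample versions, so the script runs without editcap installed.
for v in 4.2.4 4.2.5 4.0.14 3.6.23 3.4.9; do
    printf '%s: %s\n' "$v" "$(classify_editcap_version "$v")"
done

# On a real host (not run here):
#   classify_editcap_version "$(editcap --version | extract_version)"
```

A result of not-listed only means the advisory does not name that branch; it says nothing either way about whether such a build has the defect.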