ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
July 17th, 2024 | 10:00am-11:55am SGT (UTC+8) | Online

wnpa-sec-2024-08 · Editcap byte chopping crash

Summary

Name: Editcap byte chopping crash

Docid: wnpa-sec-2024-08

Date: May 15, 2024

Affected versions: 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, 3.6.0 to 3.6.22

Fixed versions: 4.2.5, 4.0.15, 3.6.23

References:

Wireshark issue 19724.
CVE-2024-4853.

Details

Description

The editcap command line utility could crash when chopping bytes from the beginning of a packet.

Impact

Discovered by Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.

We are unaware of any active exploits for this issue. It may be possible to make editcap crash by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.2.5, 4.0.15, 3.6.23 or later.