wnpa-sec-2024-09 · Editcap secret injection crash

Summary

Name: Editcap secret injection crash

Docid: wnpa-sec-2024-09

Date: May 15, 2024

Affected versions: 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, 3.6.0 to 3.6.23

Fixed versions: 4.2.5, 4.0.15, 3.6.24

References:

Wireshark issue 19782.
Wireshark issue 19783.
Wireshark issue 19784.
CVE-2024-4855.

Details

Description

The editcap command-line utility could crash when injecting secrets while writing multiple files.

Impact

Discovered by Dawei Wang and Geng Zhou, from Zhongguancun Laboratory.

We are unaware of any active exploits for this issue. It may be possible to make editcap crash by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 4.2.5, 4.0.15, 3.6.24 or later.
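
To check whether a host still carries an affected build, the version ranges above can be tested with a short script. This is an added example, not part of the original advisory or of Wireshark itself. The function names are hypothetical, and it assumes `editcap --version` prints a banner containing the upstream X.Y.Z version; distribution packages that backport the fix without changing the version number will be reported as affected.

```shell
#!/bin/sh
# Added example: flag editcap builds in the ranges listed in wnpa-sec-2024-09.
# Affected (from the advisory): 3.6.0-3.6.23, 4.0.0-4.0.14, 4.2.0-4.2.4.

# Print the first X.Y.Z version number found in a version banner.
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Return 0 if the version is in an affected range, 1 if not, 2 if unparseable.
is_affected() {
    ver=$(extract_version "$1")
    [ -n "$ver" ] || return 2
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    case "$major.$minor" in
        3.6) last_bad=23 ;;   # fixed in 3.6.24
        4.0) last_bad=14 ;;   # fixed in 4.0.15
        4.2) last_bad=4 ;;    # fixed in 4.2.5
        *)   return 1 ;;      # branch not listed in the advisory
    esac
    [ "$patch" -le "$last_bad" ]
}

# Check the editcap found on PATH and report the result.
check_installed_editcap() {
    banner=$(editcap --version 2>/dev/null) || { echo "editcap not found"; return 2; }
    rc=0
    is_affected "$banner" || rc=$?
    case $rc in
        0) echo "AFFECTED: $(extract_version "$banner"); upgrade to 4.2.5, 4.0.15, 3.6.24 or later" ;;
        1) echo "not in the affected ranges: $(extract_version "$banner")" ;;
        *) echo "could not parse version banner" ;;
    esac
    return "$rc"
}

# Run the live check only when asked, e.g.: sh check_editcap.sh --check
if [ "${1:-}" = "--check" ]; then
    check_installed_editcap
fi
```
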