NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
History

Fri, 30 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-787

Thu, 29 Aug 2024 20:30:00 +0000

Type Values Removed Values Added
First Time appeared Wireshark
Wireshark wireshark
CPEs cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*:*
Vendors & Products Wireshark
Wireshark wireshark
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 07:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Wed, 28 Aug 2024 23:45:00 +0000

Type Values Removed Values Added
Description NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file
Title Expired Pointer Dereference in Wireshark
Weaknesses CWE-825
References
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published: 2024-08-28T23:30:36.975Z

Updated: 2024-08-29T15:05:01.394Z

Reserved: 2024-08-27T23:30:38.599Z

Link: CVE-2024-8250

cve-icon Vulnrichment

Updated: 2024-08-29T13:48:35.098Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-29T00:15:09.370

Modified: 2024-08-30T16:32:16.917

Link: CVE-2024-8250

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-29T00:15:09Z

Links: CVE-2024-8250 - Bugzilla