CVE-2024-0209 in Wiresharkinfo

Summary

by MITRE • 01/03/2024

IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/20/2025

The vulnerability identified as CVE-2024-0209 represents a critical denial of service flaw within Wireshark's IEEE 1609.2 dissector implementation. This dissector is responsible for parsing and analyzing wireless communication protocols used in automotive and transportation systems, specifically those conforming to the IEEE 1609.2 standard for wireless access in vehicular environments. The flaw manifests in Wireshark versions 4.2.0, 4.0.0 through 4.0.11, and 3.6.0 through 3.6.19, creating a potential vector for attackers to disrupt network analysis operations. The vulnerability stems from inadequate input validation within the dissector's packet parsing logic, allowing malformed or specially crafted data structures to trigger unexpected behavior in the application's memory management systems.

The technical nature of this vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and CWE-122, representing heap-based buffer overflow scenarios. When Wireshark processes a packet containing malformed IEEE 1609.2 data, the dissector fails to properly validate the packet structure before attempting to parse it, leading to memory corruption that ultimately results in application crash. This behavior constitutes a classic denial of service condition where legitimate network traffic analysis capabilities are disrupted. The vulnerability can be exploited through two primary vectors: direct packet injection into a live network capture or by providing a crafted capture file containing maliciously formatted IEEE 1609.2 data. Both attack scenarios leverage the same underlying flaw in the dissector's parsing logic, making the vulnerability particularly concerning for network security professionals who rely on Wireshark for traffic analysis and incident response activities.

The operational impact of this vulnerability extends beyond simple application instability, affecting critical network monitoring and forensic analysis operations within automotive and transportation security domains. Security teams responsible for analyzing vehicular communication networks, conducting penetration testing, or performing network forensics may find their tools rendered unusable when encountering maliciously crafted packets. This disruption can compromise ongoing investigations, delay incident response activities, and potentially create false negatives in security monitoring systems. The vulnerability's presence in multiple version ranges indicates a persistent issue within the dissector implementation that has affected users across different Wireshark release cycles, suggesting that organizations may need to implement immediate mitigation strategies while awaiting official patches. The flaw's exploitation does not require advanced privileges or specialized knowledge, making it accessible to threat actors with basic network analysis capabilities.

Organizations should immediately implement mitigations including updating to patched versions of Wireshark where available, implementing network segmentation to isolate potentially malicious traffic, and employing additional validation layers before processing capture files. The ATT&CK framework categorizes this vulnerability under T1499.004, which describes network denial of service attacks, while also aligning with T1566.001 for spearphishing attachments that could contain malicious capture files. Network administrators should consider implementing automated monitoring for Wireshark instances in critical environments and establish procedures for handling potentially malicious capture files. The vulnerability underscores the importance of input validation and robust error handling in network analysis tools, particularly those processing data from specialized protocols like IEEE 1609.2 that are increasingly common in connected vehicle environments. Organizations should also consider maintaining backup analysis environments and implementing redundant monitoring systems to ensure continuity of operations despite potential exploitation of this vulnerability.

Responsible

GitLab Inc.

Reservation

01/03/2024

Disclosure

01/03/2024

Moderation

accepted

CPE

ready

EPSS

0.00579

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!