Bugzilla – Bug 1220181
VUL-0: CVE-2024-24476: wireshark: Buffer Overflow via pan/addr_resolv.c and ws_manuf_lookup_str() results in Denial of Service
Last modified: 2024-06-24 18:50:15 UTC
Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-24476
https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b
https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78
https://gitlab.com/wireshark/wireshark/-/issues/19344
https://www.cve.org/CVERecord?id=CVE-2024-24476
https://bugzilla.redhat.com/show_bug.cgi?id=2265435

submitted, back to the bot

SUSE-SU-2024:1347-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1220181
CVE References: CVE-2024-24476
Maintenance Incident: [SUSE:Maintenance:33427](https://smelt.suse.de/incident/33427/)
Sources used:
openSUSE Leap 15.5 (src): wireshark-3.6.22-150000.3.112.1
Basesystem Module 15-SP5 (src): wireshark-3.6.22-150000.3.112.1
Desktop Applications Module 15-SP5 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Desktop 15 SP4 LTSS 15-SP4 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Server 15 SP4 LTSS 15-SP4 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): wireshark-3.6.22-150000.3.112.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4 (src): wireshark-3.6.22-150000.3.112.1
SUSE Manager Proxy 4.3 (src): wireshark-3.6.22-150000.3.112.1
SUSE Manager Retail Branch Server 4.3 (src): wireshark-3.6.22-150000.3.112.1
SUSE Manager Server 4.3 (src): wireshark-3.6.22-150000.3.112.1
SUSE Enterprise Storage 7.1 (src): wireshark-3.6.22-150000.3.112.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2024:1354-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1220181
CVE References: CVE-2024-24476
Maintenance Incident: [SUSE:Maintenance:33433](https://smelt.suse.de/incident/33433/)
Sources used:
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): wireshark-2.4.16-48.54.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): wireshark-2.4.16-48.54.1
SUSE Linux Enterprise Server 12 SP5 (src): wireshark-2.4.16-48.54.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): wireshark-2.4.16-48.54.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.