CVE-2024-24476

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-24476
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24476.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-24476
Downstream
Related
Published
2024-02-21T19:15:09.030Z
Modified
2025-11-20T15:15:15.326893Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addrresolv.c, and wsmanuflookupstr(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.

Database specific 
{
    "isDisputed": true
}
References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://github.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
108217f4bb1afb8b25fc705c2722b3e328b1ad78

Affected versions

Other

backups/ethereal@18706
ethereal-0-3-15
start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0

v2.*

v2.1.0
v2.1.0rc0
v2.1.1
v2.1.1rc0
v2.1.2rc0
v2.3.0rc0
v2.5.0
v2.5.0rc0
v2.5.1
v2.5.1rc0
v2.5.2rc0
v2.9.0
v2.9.0rc0
v2.9.1rc0

v3.*

v3.1.0
v3.1.0rc0
v3.1.1
v3.1.1rc0
v3.1.2rc0
v3.3.0
v3.3.0rc0
v3.3.1
v3.3.1rc0
v3.3.2rc0
v3.5.0
v3.5.0rc0
v3.5.1rc0
v3.7.0
v3.7.0rc0
v3.7.1
v3.7.1rc0
v3.7.2
v3.7.2rc0
v3.7.3rc0

v4.*

v4.1.0
v4.1.0rc0
v4.1.1rc0

wireshark-1.*

wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9

wireshark-2.*

wireshark-2.1.0
wireshark-2.1.1
wireshark-2.5.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2024-24476-335e307d",
        "digest": {
            "function_hash": "64869991617680667987679701712757380711",
            "length": 652.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "manuf_name_lookup"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-3c9557eb",
        "digest": {
            "function_hash": "327112229066726962030017281602337676369",
            "length": 2630.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "eth_addr_resolve"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-44c22ec4",
        "digest": {
            "function_hash": "141829518137256805242423421328926734831",
            "length": 111.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "tvb_get_manuf_name_if_known"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-78f261d2",
        "digest": {
            "line_hashes": [
                "163249786770657372262670140585000790051",
                "62659079116235965437953061996128449160",
                "18699353830641045870116467123024359915",
                "63545482043146259232308963593903590226",
                "79869819451333189423428438826523303053",
                "154525083264853428062628783189616080702",
                "263533288308023162300038053999888501677",
                "210332864593856315800965390620535047010",
                "235502332653504651602254194700222402911",
                "114202363937616844031335500126281768164",
                "331235518033505594591062449826872175762",
                "55878109144647235983442166619261494930",
                "282960378919573116410243110939880928735",
                "30011475401824533819130713547965596131",
                "252882472555859886816638516313106254643",
                "80872011224085054296520772889399559530",
                "243170643582847678831284973182230721030",
                "158072653048069412175468435329221476857",
                "183314880702547778759043900355966388917",
                "216396516743798034724022093036300387695",
                "332198559686379188264984429940391938466",
                "316815244077377811223023773080643831164",
                "131271276169749229395701114522445190802",
                "111841708754348464131895146187355237949",
                "302246485631560482358981525565576849465",
                "32902854047851032323118957387925690962",
                "192606266134903569570651761986258125192",
                "260276440858173504553272307744355802763",
                "237267255883114835886182163085949953683",
                "197907143855965917954398071798577519301",
                "203546777565078438260237576446621504913",
                "99014576248697143187753323921344827079",
                "297094180436992933015830464693295620473",
                "219112455777770244453925627629930713835",
                "107378671279949357551868089993426944176",
                "177629851006410124808495743849307906905",
                "337566578476952431513557302235442363614",
                "20986132909884208691697365600566853376",
                "25009463907644462464071382685659283658",
                "253516655130867723002955961260926220374",
                "202227345154427760161072719099548562449",
                "221803857096300747070648961545574386029"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-7eae66d3",
        "digest": {
            "function_hash": "263022340891102912007495418981779080098",
            "length": 504.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "get_manuf_name_if_known"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-9da8f8a7",
        "digest": {
            "function_hash": "141829518137256805242423421328926734831",
            "length": 111.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "tvb_get_manuf_name"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-b54f6642",
        "digest": {
            "function_hash": "220302311044783339934122504270373962249",
            "length": 821.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/address_types.c",
            "function": "fcwwn_name_res_str"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-bd2521f5",
        "digest": {
            "line_hashes": [
                "162160025017223911492004775621921758754",
                "314599983375630292572805227507028128274",
                "203606091774808091021988436392303352642",
                "205168251090287461307741525487073965925",
                "162357176935930267357556558981436945916"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.h"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-eb7284d7",
        "digest": {
            "line_hashes": [
                "145649319263837581858468755939193365479",
                "198642503048263447119008168881155411605",
                "8772927120716622162591244173106130188",
                "23823612268472128605814942972829120709",
                "332853418731333412522834467311748703323",
                "309096208536835732977944422597415169099",
                "12836749797361334177322478224953118691",
                "72798540981802151164257578002793125848"
            ],
            "threshold": 0.9
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/address_types.c"
        },
        "deprecated": false,
        "signature_type": "Line",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-ec96a5e7",
        "digest": {
            "function_hash": "177950582842068489161232153577195344072",
            "length": 674.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "eui64_to_display"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    },
    {
        "id": "CVE-2024-24476-f2d6fb44",
        "digest": {
            "function_hash": "178146637989666461683648086218140456061",
            "length": 228.0
        },
        "source": "https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78",
        "target": {
            "file": "epan/addr_resolv.c",
            "function": "get_manuf_name"
        },
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    }
]

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type
GIT
Repo
https://gitlab.com/wireshark/wireshark
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
54eedfc63953c8180b5a9c60015917cce7a2548a

Affected versions

Other

backups/ethereal@18706
ethereal-0-3-15
start

ethereal-0.*

ethereal-0.3.15

v1.*

v1.11.0
v1.11.0-rc1
v1.11.1
v1.11.1-rc1
v1.11.2
v1.11.2-rc1
v1.11.3
v1.11.3-rc1
v1.11.4-rc1
v1.99.0
v1.99.0-rc1
v1.99.1
v1.99.10rc0
v1.99.1rc0
v1.99.2
v1.99.2rc0
v1.99.3
v1.99.3rc0
v1.99.4
v1.99.4rc0
v1.99.5
v1.99.5rc0
v1.99.6
v1.99.6rc0
v1.99.7
v1.99.7rc0
v1.99.8
v1.99.8rc0
v1.99.9
v1.99.9rc0

v2.*

v2.1.0
v2.1.0rc0
v2.1.1
v2.1.1rc0
v2.1.2rc0
v2.3.0rc0
v2.5.0
v2.5.0rc0
v2.5.1
v2.5.1rc0
v2.5.2rc0
v2.9.0
v2.9.0rc0
v2.9.1rc0

v3.*

v3.1.0
v3.1.0rc0
v3.1.1
v3.1.1rc0
v3.1.2rc0
v3.3.0
v3.3.0rc0
v3.3.1
v3.3.1rc0
v3.3.2rc0
v3.5.0
v3.5.0rc0
v3.5.1rc0
v3.7.0
v3.7.0rc0
v3.7.1
v3.7.1rc0
v3.7.2
v3.7.2rc0
v3.7.3rc0

v4.*

v4.1.0
v4.1.0rc0
v4.1.1rc0
v4.2.0rc0
v4.2.0rc1
v4.2.0rc2
v4.2.0rc3

wireshark-1.*

wireshark-1.11.3
wireshark-1.99.0
wireshark-1.99.1
wireshark-1.99.2
wireshark-1.99.3
wireshark-1.99.4
wireshark-1.99.5
wireshark-1.99.6
wireshark-1.99.7
wireshark-1.99.8
wireshark-1.99.9

wireshark-2.*

wireshark-2.1.0
wireshark-2.1.1
wireshark-2.5.0

wireshark-4.*

wireshark-4.2.0rc2