{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-0211", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "state": "PUBLISHED", "assignerShortName": "GitLab", "dateReserved": "2024-01-03T07:31:05.652Z", "datePublished": "2024-01-03T07:31:30.639Z", "dateUpdated": "2025-11-03T21:50:53.647Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Wireshark", "vendor": "Wireshark Foundation", "versions": [{"lessThan": "4.2.1", "status": "affected", "version": "4.2.0", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:17.810Z"}, "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html"}, {"name": "GitLab Issue #19557", "tags": ["issue-tracking"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 4.2.0 or above."}], "title": "Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark"}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/19557", "name": "GitLab Issue #19557", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:50:53.647Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-08T15:36:29.773383Z", "id": "CVE-2024-0211", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-03T14:44:08.104Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html", "tags": ["x_transferred"]}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/19557", "name": "GitLab Issue #19557", "tags": ["issue-tracking", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-03T21:50:53.647Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-0211", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-08T15:36:29.773383Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-08T15:36:31.466Z"}}], "cna": {"title": "Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wireshark Foundation", "product": "Wireshark", "versions": [{"status": "affected", "version": "4.2.0", "lessThan": "4.2.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Upgrade to versions 4.2.0 or above."}], "references": [{"url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html"}, {"url": "https://gitlab.com/wireshark/wireshark/-/issues/19557", "name": "GitLab Issue #19557", "tags": ["issue-tracking"]}], "descriptions": [{"lang": "en", "value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-835", "description": "CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')"}]}], "providerMetadata": {"orgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "shortName": "GitLab", "dateUpdated": "2024-10-03T06:23:17.810Z"}}}, "cveMetadata": {"cveId": "CVE-2024-0211", "state": "PUBLISHED", "dateUpdated": "2025-11-03T21:50:53.647Z", "dateReserved": "2024-01-03T07:31:05.652Z", "assignerOrgId": "ceab7361-8a18-47b1-92ba-4d7d25f6715a", "datePublished": "2024-01-03T07:31:30.639Z", "assignerShortName": "GitLab"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireshark:wireshark:4.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1F212AE9-0C17-4994-8B70-853E941D27E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file"}, {"lang": "es", "value": "El fallo del disector DOCSIS en Wireshark 4.2.0 permite la denegaci\u00f3n de servicio mediante inyecci\u00f3n de paquetes o archivo de captura manipulado"}], "id": "CVE-2024-0211", "lastModified": "2025-11-03T22:16:33.783", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "cve@gitlab.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-01-03T08:15:11.443", "references": [{"source": "cve@gitlab.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557"}, {"source": "cve@gitlab.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://gitlab.com/wireshark/wireshark/-/issues/19557"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://www.wireshark.org/security/wnpa-sec-2024-05.html"}], "sourceIdentifier": "cve@gitlab.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-835"}], "source": "cve@gitlab.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-835"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wireshark: DOCSIS dissector crash via packet injection or crafted capture file", "id": "2256652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256652"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-674", "details": ["DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file", "A flaw was found in the DOCSIS dissector of Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file."], "name": "CVE-2024-0211", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "wireshark", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-01-03T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-0211\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-0211\nhttps://www.wireshark.org/security/wnpa-sec-2024-05.html"], "statement": "Red Hat Enterprise Linux 6, 7, 8 and 9 are not affected by this CVE as they shipped an older version of Wireshark that did not include the vulnerable code.", "threat_severity": "Moderate"}