It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-837 advisory.

    ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet     injection or crafted capture file (CVE-2024-11596)

    Buffer Overflow vulnerability in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause     a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. (CVE-2024-24479)

    NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via     packet injection or crafted capture file (CVE-2024-8250)

    SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet     injection or crafted capture file (CVE-2024-8645)

    AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of     service via packet injection or crafted capture file (CVE-2024-9781)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2025-837)

high Nessus Plugin ID 215035

Version 1.4