CVE-2024-9780

HIGH

Published Oct 10, 2024 Modified Oct 17, 2024 CWE-456 CWE-909

Description

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-456 CWE-456

CWE-909 CWE-909

Affected Products

Vendor	Product	Versions
wireshark	wireshark	All

References

Advisories & Patches

https://www.wireshark.org/security/wnpa-sec-2024-12.html

Exploits

https://gitlab.com/wireshark/wireshark/-/issues/20026

Frequently Asked Questions

What is CVE-2024-9780? +

ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file It has a CVSS v3.1 base score of 7.8 (HIGH).

How severe is CVE-2024-9780? +

CVE-2024-9780 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-9780? +

CVE-2024-9780 affects products from wireshark, specifically: wireshark. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-9780? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-54131

The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the …

CVE-2024-32878 7.1

Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will …

CVE-2026-5402 8.8

TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution

CVE-2026-5405 7.8

RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code …

CVE-2026-5403 7.8

SBC codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution

CVE-2024-0207 7.8

HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file

Quick Facts

CVSS Score: 7.8
Severity: HIGH
Published: Oct 10, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-9780.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →