New Wireshark version closes two crash vulnerabilities
Attackers were able to crash previous versions of the network analysis tool Wireshark. Recent updates also bring back RTCP analysis.
If attacks on Wireshark are successful, attackers can cause the application to crash. Current versions are protected against such attacks.
Security update available
In a post, the developers state that they have closed two security vulnerabilities in the current version 4.4.2. If attackers successfully exploit the first vulnerability, they can overload the CPU by sending a crafted packet (CVE-2024-11595, "high"). In the second case, the application can crash when processing a special request (CVE-2024-11596, "high").
In addition to Wireshark 4.4.2, version 4.2.9 is also protected against the attacks described. The developers state that there are currently no indications of exploits for the vulnerabilities.
The developers have not only resolved security problems but also fixed some bugs. For example, iPhone mirroring under macOS is no longer interrupted. The processing of RTCP packets, which had been broken since version 4.4.1, also works again. In addition, the current version now supports new protocols such as ARTNET and ZigBee ZCL.
(des)