{"id":"CVE-2024-24476","details":"A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the epan/addr_resolv.c and ws_manuf_lookup_str() size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.","modified":"2026-04-10T20:14:02.268820Z","published":"2024-02-21T19:15:09.030Z","related":["SUSE-SU-2024:1347-1","SUSE-SU-2024:1354-1","openSUSE-SU-2024:14223-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/"},{"type":"ADVISORY","url":"https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b"},{"type":"REPORT","url":"https://gitlab.com/wireshark/wireshark/-/issues/19344"},{"type":"FIX","url":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78"},{"type":"ARTICLE","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wireshark/wireshark","events":[{"introduced":"0"},{"fixed":"54eedfc63953c8180b5a9c60015917cce7a2548a"},{"fixed":"108217f4bb1afb8b25fc705c2722b3e328b1ad78"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.2.0"}]}}],"versions":["backups/ethereal@18706","ethereal-0-3-15","ethereal-0.3.15","start","v1.11.0","v1.11.0-rc1","v1.11.1","v1.11.1-rc1","v1.11.2","v1.11.2-rc1","v1.11.3","v1.11.3-rc1","v1.11.4-rc1","v1.99.0","v1.99.0-rc1","v1.99.1","v1.99.10rc0","v1.99.1rc0","v1.99.2","v1.99.2rc0","v1.99.3","v1.99.3rc0","v1.99.4","v1.99.4rc0","v1.99.5","v1.99.5rc0","v1.99.6","v1.99.6rc0","v1.99.7","v1.99.7rc0","v1.99.8","v1.99.8rc0","v1.99.9","v1.99.9rc0","v2.1.0","v2.1.0rc0","v2.1.1","v2.1.1rc0","v2.1.2rc0","v2.3.0rc0","v2.5.0","v2.5.0rc0","v2.5.1","v2.5.1rc0","v2.5.2rc0","v2.9.0","v2.9.0rc0","v2.9.1rc0","v3.1.0","v3.1.0rc0","v3.1.1","v3.1
.1rc0","v3.1.2rc0","v3.3.0","v3.3.0rc0","v3.3.1","v3.3.1rc0","v3.3.2rc0","v3.5.0","v3.5.0rc0","v3.5.1rc0","v3.7.0","v3.7.0rc0","v3.7.1","v3.7.1rc0","v3.7.2","v3.7.2rc0","v3.7.3rc0","v4.1.0","v4.1.0rc0","v4.1.1rc0","v4.2.0rc0","v4.2.0rc1","v4.2.0rc2","v4.2.0rc3","wireshark-1.11.3","wireshark-1.99.0","wireshark-1.99.1","wireshark-1.99.2","wireshark-1.99.3","wireshark-1.99.4","wireshark-1.99.5","wireshark-1.99.6","wireshark-1.99.7","wireshark-1.99.8","wireshark-1.99.9","wireshark-2.1.0","wireshark-2.1.1","wireshark-2.5.0","wireshark-4.2.0rc2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"40"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-24476.json","vanir_signatures_modified":"2026-04-10T20:14:02Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"64869991617680667987679701712757380711","length":652},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-335e307d","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"manuf_name_lookup"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"327112229066726962030017281602337676369","length":2630},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-3c9557eb","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"eth_addr_resolve"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"141829518137256805242423421328926734831","length":111},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-44c22ec4","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"tvb_get_manuf_name_if_known"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["16324978677065737226267014058500079005
1","62659079116235965437953061996128449160","18699353830641045870116467123024359915","63545482043146259232308963593903590226","79869819451333189423428438826523303053","154525083264853428062628783189616080702","263533288308023162300038053999888501677","210332864593856315800965390620535047010","235502332653504651602254194700222402911","114202363937616844031335500126281768164","331235518033505594591062449826872175762","55878109144647235983442166619261494930","282960378919573116410243110939880928735","30011475401824533819130713547965596131","252882472555859886816638516313106254643","80872011224085054296520772889399559530","243170643582847678831284973182230721030","158072653048069412175468435329221476857","183314880702547778759043900355966388917","216396516743798034724022093036300387695","332198559686379188264984429940391938466","316815244077377811223023773080643831164","131271276169749229395701114522445190802","111841708754348464131895146187355237949","302246485631560482358981525565576849465","32902854047851032323118957387925690962","192606266134903569570651761986258125192","260276440858173504553272307744355802763","237267255883114835886182163085949953683","197907143855965917954398071798577519301","203546777565078438260237576446621504913","99014576248697143187753323921344827079","297094180436992933015830464693295620473","219112455777770244453925627629930713835","107378671279949357551868089993426944176","177629851006410124808495743849307906905","337566578476952431513557302235442363614","20986132909884208691697365600566853376","25009463907644462464071382685659283658","253516655130867723002955961260926220374","202227345154427760161072719099548562449","221803857096300747070648961545574386029"],"threshold":0.9},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-78f261d2","signature_type":"Line","target":{"file":"epan/addr_resolv.c"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"263
022340891102912007495418981779080098","length":504},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-7eae66d3","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"get_manuf_name_if_known"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"141829518137256805242423421328926734831","length":111},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-9da8f8a7","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"tvb_get_manuf_name"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"220302311044783339934122504270373962249","length":821},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-b54f6642","signature_type":"Function","target":{"file":"epan/address_types.c","function":"fcwwn_name_res_str"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["162160025017223911492004775621921758754","314599983375630292572805227507028128274","203606091774808091021988436392303352642","205168251090287461307741525487073965925","162357176935930267357556558981436945916"],"threshold":0.9},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-bd2521f5","signature_type":"Line","target":{"file":"epan/addr_resolv.h"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["145649319263837581858468755939193365479","198642503048263447119008168881155411605","8772927120716622162591244173106130188","23823612268472128605814942972829120709","332853418731333412522834467311748703323","309096208536835732977944422597415169099","12836749797361334177322478224953118691","72798540981802151164257578002793125848"],"threshold":0.9},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328
b1ad78","id":"CVE-2024-24476-eb7284d7","signature_type":"Line","target":{"file":"epan/address_types.c"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"177950582842068489161232153577195344072","length":674},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-ec96a5e7","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"eui64_to_display"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"178146637989666461683648086218140456061","length":228},"source":"https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78","id":"CVE-2024-24476-f2d6fb44","signature_type":"Function","target":{"file":"epan/addr_resolv.c","function":"get_manuf_name"}}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}