{"id":"CVE-2024-24478","details":"An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.","modified":"2026-04-12T08:03:53.273285Z","published":"2024-02-21T17:15:09.567Z","references":[{"type":"ADVISORY","url":"https://gist.github.com/1047524396/e82c55147cd3cb62ef20cbdb0ec83694"},{"type":"REPORT","url":"https://gitlab.com/wireshark/wireshark/-/issues/19347"},{"type":"FIX","url":"https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wireshark/wireshark","events":[{"introduced":"0"},{"fixed":"54eedfc63953c8180b5a9c60015917cce7a2548a"},{"fixed":"80a4dc55f4d2fa33c2b36a99406500726d3faaef"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.2.0"}]}}],"versions":["backups/ethereal@18706","ethereal-0-3-15","ethereal-0.3.15","start","v1.11.0","v1.11.0-rc1","v1.11.1","v1.11.1-rc1","v1.11.2","v1.11.2-rc1","v1.11.3","v1.11.3-rc1","v1.11.4-rc1","v1.99.0","v1.99.0-rc1","v1.99.1","v1.99.10rc0","v1.99.1rc0","v1.99.2","v1.99.2rc0","v1.99.3","v1.99.3rc0","v1.99.4","v1.99.4rc0","v1.99.5","v1.99.5rc0","v1.99.6","v1.99.6rc0","v1.99.7","v1.99.7rc0","v1.99.8","v1.99.8rc0","v1.99.9","v1.99.9rc0","v2.1.0","v2.1.0rc0","v2.1.1","v2.1.1rc0","v2.1.2rc0","v2.3.0rc0","v2.5.0","v2.5.0rc0","v2.5.1","v2.5.1rc0","v2.5.2rc0","v2.9.0","v2.9.0rc0","v2.9.1rc0","v3.1.0","v3.1.0rc0","v3.1.1","v3.1.1rc0","v3.1.2rc0","v3.3.0","v3.3.0rc0","v3.3.1","v3.3.1rc0","v3.3.2rc0","v3.5.0","v3.5.0rc0","v3.5.1rc0","v3.7.0","v3.7.0rc0","v3.7.1","v3.7.1rc0","v3.7.2","v3.7.2rc0","v3.7.3rc0","v4.1.0","v4.1.0rc0","v4.1.1rc0","v4.2.0rc0","v4.2.0rc1","v4.2.0rc2","v4.2.0rc3","wireshark-1.11.3","wireshark-1.99.0","wireshark-1.99.1","wireshark-1.99.2","wireshark-1.99.3","wireshark-1.99.4","wireshark-1.99.5","wireshark-1.99.6","wireshark-1.99.7","wireshark-1.99.8","wireshark-1.99.9","wireshark-2.1.0","wireshark-2.1.1","wireshark-2.5.0","wireshark-4.2.0rc2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-24478.json","vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["189510381883406169918325495416495645628","181089365518570185575899566930178211713","288824539015244219907814267140692011600","231711256843286469016356453456773215885","35100258221036831720984631592268922494","334244044918645183681682574178738743152","211445642022212795891193699352760917977","305277753338753293584358383658217787587","152452212672930070829047729190010841056","151113407929423182015904353390556114092","323156851194075810930943076740140246760"]},"target":{"file":"epan/dissectors/packet-bgp.c"},"source":"https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef","signature_type":"Line","id":"CVE-2024-24478-2ea8e0eb","deprecated":false},{"signature_version":"v1","digest":{"length":152027,"function_hash":"39544085995930972711160404121960114806"},"target":{"file":"epan/dissectors/packet-bgp.c","function":"proto_register_bgp"},"source":"https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef","signature_type":"Function","id":"CVE-2024-24478-8efb7f3e","deprecated":false}],"vanir_signatures_modified":"2026-04-12T08:03:53Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}