CVE-2024-0210: CWE-674: Uncontrolled Recursion in Wireshark Foundation Wireshark
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file
AI Analysis
Technical Summary
CVE-2024-0210 is a vulnerability identified in Wireshark version 4.2.0, specifically within the Zigbee TLV (Type-Length-Value) dissector component. The root cause is an uncontrolled recursion condition (CWE-674) that occurs when Wireshark processes malformed Zigbee packets or capture files. This uncontrolled recursion can cause the application to crash, resulting in a denial of service (DoS). The vulnerability is exploitable by an attacker who can supply a crafted capture file or inject malicious Zigbee packets into the network traffic that Wireshark analyzes. The CVSS v3.1 base score is 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). The flaw allows an attacker to disrupt network analysis operations, potentially causing loss of visibility into network traffic or crashing systems running Wireshark. No patches are currently linked, and no known exploits have been reported in the wild as of the publication date. The vulnerability highlights the risks in protocol dissectors handling complex IoT protocols like Zigbee, which are increasingly prevalent in smart home and industrial environments.
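The bug class named above (CWE-674) shown with its guard, as an added example that is not Wireshark's code and not part of the original page: a parser for a constructed, simplified TLV layout that refuses to descend past a fixed nesting depth. The layout (1-byte type, 1-byte length), `TLV_CONTAINER`, `MAX_TLV_DEPTH` and the assumption that the recursion follows TLV nesting are illustrative; the page does not describe the dissector's internals.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_CONTAINER 0x80 /* hypothetical type: value is a list of TLVs */
#define MAX_TLV_DEPTH 8    /* hypothetical nesting cap */
enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_TOO_DEEP = -2 };

/* Parse [type:1][len:1][value:len] records, descending into containers.
 * Depth is checked on entry, so stack use is bounded by MAX_TLV_DEPTH. */
static int parse_tlvs(const uint8_t *buf, size_t len, unsigned depth, unsigned *leaves) {
    size_t off = 0;
    if (depth > MAX_TLV_DEPTH)
        return TLV_TOO_DEEP;
    while (off < len) {
        if (len - off < 2)
            return TLV_TRUNCATED;          /* header cut short */
        uint8_t type = buf[off];
        size_t vlen = buf[off + 1];
        off += 2;
        if (vlen > len - off)
            return TLV_TRUNCATED;          /* length runs past the buffer */
        if (type == TLV_CONTAINER) {
            int rc = parse_tlvs(buf + off, vlen, depth + 1, leaves);
            if (rc != TLV_OK)
                return rc;
        } else {
            (*leaves)++;
        }
        off += vlen;
    }
    return TLV_OK;
}

/* Constructed sample: `levels` nested containers (at most 100) around one leaf. */
static int check_nested(unsigned levels, unsigned *leaves) {
    uint8_t buf[256];
    if (levels > 100) levels = 100;
    size_t total = 2u * levels + 3u;
    for (unsigned i = 0; i < levels; i++) {
        buf[2 * i] = TLV_CONTAINER;
        buf[2 * i + 1] = (uint8_t)(total - 2u * (i + 1));
    }
    memcpy(buf + 2 * levels, "\x01\x01\xAA", 3);
    *leaves = 0;
    return parse_tlvs(buf, total, 0, leaves);
}

int main(void) {
    unsigned n;
    printf("3 levels: %d, 20 levels: %d\n", check_nested(3, &n), check_nested(20, &n));
    return 0;
}
```

Without the depth check on entry, recursion depth would be set entirely by the input; with it, deeply nested input is rejected with an error code rather than exhausting the stack.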
Potential Impact
The primary impact of CVE-2024-0210 is denial of service, where Wireshark crashes upon processing malicious Zigbee traffic or capture files. This can disrupt network monitoring and forensic analysis, critical for incident response and threat hunting. The vulnerability also affects confidentiality and integrity since a crash may interrupt ongoing analysis or allow attackers to evade detection. Organizations using Wireshark to analyze Zigbee or IoT network traffic are particularly vulnerable, including those in smart home device manufacturing, industrial control systems, and cybersecurity research. The requirement for user interaction (opening a crafted file) limits remote exploitation but does not eliminate risk, especially in environments where capture files are shared or imported from untrusted sources. The lack of known exploits reduces immediate threat but the high CVSS score and the growing use of Zigbee devices suggest a significant risk if exploited. Operational disruption and potential loss of forensic data integrity are key concerns.
Mitigation Recommendations
1. Avoid opening capture files from untrusted or unknown sources, especially those containing Zigbee traffic.
2. Monitor and filter Zigbee network traffic to detect and block malformed or suspicious packets that could trigger the vulnerability.
3. Implement strict access controls on systems running Wireshark to limit exposure to crafted files.
4. Use sandboxing or isolated environments when analyzing untrusted capture files to contain potential crashes.
5. Stay alert for official patches or updates from the Wireshark Foundation and apply them promptly once available.
6. Educate network analysts and security teams about the risks of processing untrusted Zigbee data.
7. Consider alternative tools or updated versions of Wireshark that address this vulnerability for critical environments.
8. Employ network segmentation to isolate IoT and Zigbee traffic from critical monitoring infrastructure.
Affected Countries
United States, Germany, China, Japan, South Korea, United Kingdom, France, Canada, Australia, Netherlands
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitLab
- Date Reserved: 2024-01-03T07:31:00.647Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69c6949b3c064ed76fb5b766
Added to database: 3/27/2026, 2:30:51 PM
Last enriched: 3/27/2026, 2:46:33 PM
Last updated: 3/27/2026, 11:39:20 PM