CVE-2024-8645 is a vulnerability identified in the Wireshark network protocol analyzer, specifically affecting versions 4.0.0 through 4.0.15 and 4.2.0. The issue arises from an access of an uninitialized pointer within the SPRT dissector component. When Wireshark processes specially crafted packets or capture files containing malformed SPRT protocol data, it may attempt to dereference an uninitialized pointer, leading to a crash of the application. This results in a denial of service condition, where the availability of Wireshark is disrupted. The vulnerability is classified under CWE-824, which relates to accessing uninitialized pointers, a common programming error that can cause unpredictable behavior or crashes. Exploitation requires that an attacker can inject malicious packets into the network traffic being analyzed or supply a crafted capture file that a user opens in Wireshark. No authentication or elevated privileges are required, but user interaction is necessary to open the malicious file or capture the malicious traffic. The CVSS v3.1 base score is 5.5, indicating a medium severity, with the vector indicating local attack vector, low attack complexity, no privileges required, user interaction required, and impact limited to availability. Currently, there are no known exploits in the wild, and no patches have been linked yet, so users should monitor vendor advisories for updates. The vulnerability primarily affects network analysts, security professionals, and administrators who use Wireshark for traffic inspection and troubleshooting.

The primary impact of CVE-2024-8645 is a denial of service condition affecting the availability of Wireshark during network analysis. This can disrupt security monitoring, incident response, and troubleshooting activities that rely on Wireshark, potentially delaying detection and mitigation of other network threats. Since the vulnerability does not affect confidentiality or integrity, it does not directly lead to data breaches or unauthorized data modification. However, the forced crash of Wireshark could be leveraged by attackers to hinder forensic analysis or evade detection during an active attack. Organizations that depend heavily on Wireshark for real-time network visibility, especially in security operations centers (SOCs), may experience operational impacts. The requirement for user interaction and local access limits remote exploitation, reducing the overall risk to large-scale infrastructure but still posing a threat in environments where untrusted capture files are shared or malicious packets can be injected. The absence of known exploits in the wild reduces immediate risk but does not preclude future exploitation attempts.

To mitigate CVE-2024-8645, organizations should implement the following specific measures: 1) Avoid opening capture files from untrusted or unknown sources until a vendor patch is released. 2) Restrict network access and packet injection capabilities to trusted users and devices to prevent malicious packet injection. 3) Use sandboxing or isolated environments when analyzing suspicious capture files to contain potential crashes. 4) Monitor Wireshark vendor advisories closely and apply patches promptly once available. 5) Educate users and analysts about the risks of opening unverified capture files and encourage verification of file provenance. 6) Employ network segmentation and strict access controls to limit exposure of Wireshark instances to potentially malicious traffic. 7) Consider alternative tools or versions not affected by this vulnerability if immediate patching is not feasible. These targeted actions go beyond generic advice by focusing on controlling input sources, user behavior, and environment isolation to reduce exploitation opportunities.