CVE-2024-8250

HIGH

Published Aug 29, 2024 Modified Nov 3, 2025 CWE-825 CWE-787

Description

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file

CVSS v3.1 Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-825 CWE-825

CWE-787 Out-of-bounds Write

Affected Products

Vendor	Product	Versions
wireshark	wireshark	4.0.0 — 4.0.17
wireshark	wireshark	4.2.0 — 4.2.7

References

Advisories & Patches

https://www.wireshark.org/security/wnpa-sec-2024-11.html

Exploits

https://gitlab.com/wireshark/wireshark/-/issues/19943

Other References

https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html

Frequently Asked Questions

What is CVE-2024-8250? +

NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file It has a CVSS v3.1 base score of 7.8 (HIGH).

How severe is CVE-2024-8250? +

CVE-2024-8250 has a CVSS v3.1 score of 7.8 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.

What products are affected by CVE-2024-8250? +

CVE-2024-8250 affects products from wireshark, specifically: wireshark. Check the affected products table above for specific version ranges.

How do I check if I'm vulnerable to CVE-2024-8250? +

You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2024-23310 9.8

A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially …

CVE-2025-49794 9.1

A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML …

CVE-2026-7111 8.4

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable …

CVE-2026-34001 7.8

A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically …

CVE-2024-39792 7.5

When the NGINX Plus is configured to use the MQTT pre-read module, undisclosed requests can cause an increase in memory …

CVE-2025-49795 7.5

A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to …

Quick Facts

CVSS Score: 7.8
Severity: HIGH
Published: Aug 29, 2024

Scan for this vulnerability

Check if your website or infrastructure is affected by CVE-2024-8250.

Website Scan Port Scan

Browse CVEs

Critical High CISA KEV ! Most likely exploited →