CVE-2024-0209: 
Wireshark vulnerability analysis and mitigation

CVE-2024-0209 affects the IEEE 1609.2 dissector in Wireshark versions 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19. The vulnerability was discovered by Han Zheng and disclosed on January 3, 2024. The issue allows for a denial of service condition through packet injection or crafted capture file (Wireshark Advisory).

The vulnerability is classified as a NULL Pointer Dereference (CWE-476) that affects the IEEE 1609.2 and potentially other ASN.1-based dissectors in Wireshark. The issue has received a CVSS v3.1 base score of 7.5 (High) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, indicating a high-severity vulnerability that can be exploited over the network without requiring privileges or user interaction (NVD).

The vulnerability can result in a denial of service condition where Wireshark may crash when processing malformed packets. This can occur either through malicious packet injection on a network or when opening a specially crafted packet trace file (Wireshark Advisory).

The vulnerability has been fixed in Wireshark versions 4.2.1, 4.0.12, and 3.6.20. Users are advised to upgrade to these or later versions to mitigate the vulnerability (Wireshark Advisory).