Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4301: Infinite Loop in Wireshark

Severity
5.0 MEDIUM (NVD)
EPSS
5.4%
top 9.84%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Nov 26
Latest update: May 17

Description

epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (2 packages)

NVD: wireshark/wireshark 1.4.0, 1.4.1 (+1)

Patches

🔴Vulnerability Details

1
GHSA
GHSA-wx8w-3v99-w2v8: epan/dissectors/packet-zbee-zcl (2022-05-17)

💥Exploits & PoCs

1
Exploit-DB
Wireshark - ZigBee ZCL Dissector Infinite Loop Denial of Service (2011-01-11)

📋Vendor Advisories

2
Red Hat
Wireshark: Infinite loop in Zigbee ZCL dissector (2010-11-18)
Debian
CVE-2010-4301: wireshark - epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0... (2010)

💬Community

1
Bugzilla
CVE-2010-4301 Wireshark: Infinite loop in Zigbee ZCL dissector (2010-11-23)