CVE-2024-11595 — Infinite Loop in Foundation Wireshark

CWE-835 — Infinite Loop6 documents6 sources

Severity

5.5MEDIUMNVD

CNA7.8

EPSS

0.0%

top 98.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Foundation Wireshark Wireshark

Timeline

PublishedNov 21

Latest updateMay 7

Description

FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶NVDwireshark/wireshark4.2.0 — 4.2.9+1

▶CVEListV5wireshark_foundation/wireshark4.4.0 — 4.4.2+1

▶Debianwireshark/wireshark< 4.4.2-1+1

🔴Vulnerability Details

GHSA

GHSA-22gx-4xv7-xwjg: FiveCo RAP dissector infinite loop in Wireshark 4↗2025-05-07

▶

CVEList

Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark↗2024-11-21

▶

OSV

CVE-2024-11595: FiveCo RAP dissector infinite loop in Wireshark 4↗2024-11-21

▶

📋Vendor Advisories

Red Hat

wireshark: Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark↗2024-11-21

▶

Debian

CVE-2024-11595: wireshark - FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2....↗2024

▶