CVE-2024-4854 — Infinite Loop in Foundation Wireshark

CWE-835 — Infinite Loop6 documents6 sources

Severity

7.5HIGHNVD

CNA6.4

EPSS

0.7%

top 28.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Foundation Wireshark Wireshark Fedoraproject Fedora

Timeline

PublishedMay 14

Latest updateMay 15

Description

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5wireshark_foundation/wireshark4.2.0 — 4.2.5+2

▶Debianwireshark/wireshark< 3.4.16-0+deb11u1+3

▶NVDwireshark/wireshark3.6.0 — 3.6.22+2

Also affects: Fedora 39, 40

🔴Vulnerability Details

CVEList

Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark↗2024-05-14

▶

OSV

CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4↗2024-05-14

▶

GHSA

GHSA-6w7h-3cwx-m3mp: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4↗2024-05-14

▶

📋Vendor Advisories

Red Hat

wireshark: MONGO and ZigBee TLV dissector infinite loops↗2024-05-15

▶

Debian

CVE-2024-4854: wireshark - MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0...↗2024

▶