Vulnerability Details CVE-2024-4854
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.6%
CVSS Severity
CVSS v3 Score 6.4
References
- https://gitlab.com/wireshark/wireshark/-/issues/19726
- https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
- https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
- https://www.wireshark.org/security/wnpa-sec-2024-07.html
- https://gitlab.com/wireshark/wireshark/-/issues/19726
- https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
- https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
- https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/
- https://www.wireshark.org/security/wnpa-sec-2024-07.html
Products affected by CVE-2024-4854
-
cpe:2.3:a:wireshark:wireshark:3.6.0
-
cpe:2.3:a:wireshark:wireshark:3.6.1
-
cpe:2.3:a:wireshark:wireshark:3.6.10
-
cpe:2.3:a:wireshark:wireshark:3.6.11
-
cpe:2.3:a:wireshark:wireshark:3.6.12
-
cpe:2.3:a:wireshark:wireshark:3.6.13
-
cpe:2.3:a:wireshark:wireshark:3.6.14
-
cpe:2.3:a:wireshark:wireshark:3.6.17
-
cpe:2.3:a:wireshark:wireshark:3.6.18
-
cpe:2.3:a:wireshark:wireshark:3.6.2
-
cpe:2.3:a:wireshark:wireshark:3.6.22
-
cpe:2.3:a:wireshark:wireshark:3.6.3
-
cpe:2.3:a:wireshark:wireshark:3.6.4
-
cpe:2.3:a:wireshark:wireshark:3.6.5
-
cpe:2.3:a:wireshark:wireshark:3.6.6
-
cpe:2.3:a:wireshark:wireshark:3.6.7
-
cpe:2.3:a:wireshark:wireshark:3.6.8
-
cpe:2.3:a:wireshark:wireshark:4.0.0
-
cpe:2.3:a:wireshark:wireshark:4.0.1
-
cpe:2.3:a:wireshark:wireshark:4.0.10
-
cpe:2.3:a:wireshark:wireshark:4.0.14
-
cpe:2.3:a:wireshark:wireshark:4.0.2
-
cpe:2.3:a:wireshark:wireshark:4.0.3
-
cpe:2.3:a:wireshark:wireshark:4.0.4
-
cpe:2.3:a:wireshark:wireshark:4.0.5
-
cpe:2.3:a:wireshark:wireshark:4.0.6
-
cpe:2.3:a:wireshark:wireshark:4.0.9
-
cpe:2.3:a:wireshark:wireshark:4.2.1
-
cpe:2.3:a:wireshark:wireshark:4.2.2
-
cpe:2.3:a:wireshark:wireshark:4.2.3
-
cpe:2.3:a:wireshark:wireshark:4.2.4
-
cpe:2.3:o:fedoraproject:fedora:39
-
cpe:2.3:o:fedoraproject:fedora:40