Home

Description

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

PUBLISHED Reserved 2024-05-14 | Published 2024-05-14 | Updated 2024-08-29 | Assigner GitLab




MEDIUM: 6.4CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

Problem types

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

Product status

Default status
unaffected

4.2.0 before 4.2.5
affected

4.0.0 before 4.0.15
affected

3.6.0 before 3.6.23
affected

References

www.wireshark.org/security/wnpa-sec-2024-07.html

gitlab.com/wireshark/wireshark/-/issues/19726 (GitLab Issue #19726) issue-tracking permissions-required

gitlab.com/wireshark/wireshark/-/merge_requests/15047

gitlab.com/wireshark/wireshark/-/merge_requests/15499

cve.org (CVE-2024-4854)

nvd.nist.gov (CVE-2024-4854)

Download JSON