CVE-2024-4854

Summary

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Affected Software

VendorProductVersion RangeStatus
Wireshark FoundationWireshark4.2.0 < 4.2.5affected
Wireshark FoundationWireshark4.0.0 < 4.0.15affected
Wireshark FoundationWireshark3.6.0 < 3.6.23affected

Weaknesses

  • CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References