Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
CVE-2024-4854

6.4MEDIUM

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 14 May 2024

Summary

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Affected Version(s)

Wireshark 4.2.0 < 4.2.5

Wireshark 4.0.0 < 4.0.15

Wireshark 3.6.0 < 3.6.23

References

https://www.wireshark.org/security/wnpa-sec-2024-07.html

https://gitlab.com/wireshark/wireshark/-/issues/19726

issue-trackingpermissions-required

https://gitlab.com/wireshark/wireshark/-/merge_requests/1...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
May 14, 2024