Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
CVE-2024-4854

7.5HIGH

Key Information:

Vendor: Wireshark
Status: Wireshark
Vendor: CVE Published:; 14 May 2024

What is CVE-2024-4854?

An issue in Wireshark affects specific versions of the software, where the MONGO and ZigBee TLV dissectors could enter infinite loops during packet processing. This vulnerability can be exploited through crafted capture files or packet injection, leading to denial of service conditions. Administrators are advised to update to the latest version to mitigate this risk and ensure continuous operation of their network analysis tools.

Affected Version(s)

Wireshark 4.2.0 < 4.2.5

Wireshark 4.0.0 < 4.0.15

Wireshark 3.6.0 < 3.6.23

References

https://www.wireshark.org/security/wnpa-sec-2024-07.html

https://gitlab.com/wireshark/wireshark/-/issues/19726

issue-trackingpermissions-required

https://gitlab.com/wireshark/wireshark/-/merge_requests/1...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2024