CVE-2024-4854

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4854.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-835"
    ]
}

References

Affected packages

Git / github.com/wireshark/wireshark

Affected ranges

Type: GIT
Repo: https://github.com/wireshark/wireshark
Events: Introduced

54eedfc63953c8180b5a9c60015917cce7a2548a

Last affected

1fe5bce8d665c0d64e1af63545421c67596db165

Introduced

3a34e44d02c9c91f9f851bd6f29ff4505131b127

Last affected

52c2c38eb3d909756ba2536beeac7bda33e80a49

Introduced

0cbe09cd796b2ea24c6069b76ea16df7f51cf67b

Last affected

c1fcda4ca0fbe25deb896243c5ec8dfaeedd3092

Affected versions

v3.*

v3.6.0

v3.6.1

v3.6.10

v3.6.10rc0

v3.6.11

v3.6.11rc0

v3.6.12

v3.6.12rc0

v3.6.13

v3.6.13rc0

v3.6.14

v3.6.14rc0

v3.6.15

v3.6.15rc0

v3.6.16

v3.6.16rc0

v3.6.17

v3.6.17rc0

v3.6.18

v3.6.18rc0

v3.6.19

v3.6.19rc0

v3.6.1rc0

v3.6.2

v3.6.20

v3.6.20rc0

v3.6.21

v3.6.21rc0

v3.6.22

v3.6.22rc0

v3.6.2rc0

v3.6.3

v3.6.3rc0

v3.6.4

v3.6.4rc0

v3.6.5

v3.6.5rc0

v3.6.6

v3.6.6rc0

v3.6.7

v3.6.7rc0

v3.6.8

v3.6.8rc0

v3.6.9

v3.6.9rc0

v4.*

v4.0.0

v4.0.1

v4.0.10

v4.0.10rc0

v4.0.11

v4.0.11rc0

v4.0.12

v4.0.12rc0

v4.0.13

v4.0.13rc0

v4.0.14

v4.0.14rc0

v4.0.1rc0

v4.0.2

v4.0.2rc0

v4.0.3

v4.0.3rc0

v4.0.4

v4.0.4rc0

v4.0.5

v4.0.5rc0

v4.0.6

v4.0.6rc0

v4.0.7

v4.0.7rc0

v4.0.8

v4.0.8rc0

v4.0.9

v4.0.9rc0

v4.2.0

v4.2.1

v4.2.1rc0

v4.2.2

v4.2.2rc0

v4.2.3

v4.2.3rc0

v4.2.4

v4.2.4rc0

wireshark-3.*

wireshark-3.6.0

wireshark-3.6.1

wireshark-3.6.10

wireshark-3.6.11

wireshark-3.6.12

wireshark-3.6.13

wireshark-3.6.14

wireshark-3.6.15

wireshark-3.6.16

wireshark-3.6.17

wireshark-3.6.18

wireshark-3.6.19

wireshark-3.6.2

wireshark-3.6.20

wireshark-3.6.21

wireshark-3.6.22

wireshark-3.6.3

wireshark-3.6.4

wireshark-3.6.5

wireshark-3.6.6

wireshark-3.6.7

wireshark-3.6.8

wireshark-3.6.9

wireshark-4.*

wireshark-4.0.0

wireshark-4.0.1

wireshark-4.0.10

wireshark-4.0.11

wireshark-4.0.12

wireshark-4.0.13

wireshark-4.0.14

wireshark-4.0.2

wireshark-4.0.3

wireshark-4.0.4

wireshark-4.0.5

wireshark-4.0.6

wireshark-4.0.7

wireshark-4.0.8

wireshark-4.0.9

wireshark-4.2.0

wireshark-4.2.1

wireshark-4.2.2

wireshark-4.2.3

wireshark-4.2.4

Git / gitlab.com/wireshark/wireshark

Affected ranges

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

54eedfc63953c8180b5a9c60015917cce7a2548a

Fixed

4aa814ac25a18ea48d4002351ed45d4b245b0c08

Database specific

{
    "versions": [
        {
            "introduced": "4.2.0"
        },
        {
            "fixed": "4.2.5"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

0cbe09cd796b2ea24c6069b76ea16df7f51cf67b

Fixed

10bc5ded73f3403769d4a6e1a2438a776373aa8a

Database specific

{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.0.15"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/wireshark/wireshark

Events

Introduced

3a34e44d02c9c91f9f851bd6f29ff4505131b127

Fixed

8b52657fa4eeda249e007bf0441f26d9ead63e47

Database specific

{
    "versions": [
        {
            "introduced": "3.6.0"
        },
        {
            "fixed": "3.6.23"
        }
    ]
}

Affected versions

v3.*

v3.6.0

v3.6.1

v3.6.10

v3.6.10rc0

v3.6.11

v3.6.11rc0

v3.6.12

v3.6.12rc0

v3.6.13

v3.6.13rc0

v3.6.14

v3.6.14rc0

v3.6.15

v3.6.15rc0

v3.6.16

v3.6.16rc0

v3.6.17

v3.6.17rc0

v3.6.18

v3.6.18rc0

v3.6.19

v3.6.19rc0

v3.6.1rc0

v3.6.2

v3.6.20

v3.6.20rc0

v3.6.21

v3.6.21rc0

v3.6.22

v3.6.22rc0

v3.6.23rc0

v3.6.2rc0

v3.6.3

v3.6.3rc0

v3.6.4

v3.6.4rc0

v3.6.5

v3.6.5rc0

v3.6.6

v3.6.6rc0

v3.6.7

v3.6.7rc0

v3.6.8

v3.6.8rc0

v3.6.9

v3.6.9rc0

v4.*

v4.0.0

v4.0.1

v4.0.10

v4.0.10rc0

v4.0.11

v4.0.11rc0

v4.0.12

v4.0.12rc0

v4.0.13

v4.0.13rc0

v4.0.14

v4.0.14rc0

v4.0.15rc0

v4.0.1rc0

v4.0.2

v4.0.2rc0

v4.0.3

v4.0.3rc0

v4.0.4

v4.0.4rc0

v4.0.5

v4.0.5rc0

v4.0.6

v4.0.6rc0

v4.0.7

v4.0.7rc0

v4.0.8

v4.0.8rc0

v4.0.9

v4.0.9rc0

v4.2.0

v4.2.1

v4.2.1rc0

v4.2.2

v4.2.2rc0

v4.2.3

v4.2.3rc0

v4.2.4

v4.2.4rc0

v4.2.5rc0

wireshark-3.*

wireshark-3.6.0

wireshark-3.6.1

wireshark-3.6.10

wireshark-3.6.11

wireshark-3.6.12

wireshark-3.6.13

wireshark-3.6.14

wireshark-3.6.15

wireshark-3.6.16

wireshark-3.6.17

wireshark-3.6.18

wireshark-3.6.19

wireshark-3.6.2

wireshark-3.6.20

wireshark-3.6.21

wireshark-3.6.22

wireshark-3.6.3

wireshark-3.6.4

wireshark-3.6.5

wireshark-3.6.6

wireshark-3.6.7

wireshark-3.6.8

wireshark-3.6.9

wireshark-4.*

wireshark-4.0.0

wireshark-4.0.1

wireshark-4.0.10

wireshark-4.0.11

wireshark-4.0.12

wireshark-4.0.13

wireshark-4.0.14

wireshark-4.0.2

wireshark-4.0.3

wireshark-4.0.4

wireshark-4.0.5

wireshark-4.0.6

wireshark-4.0.7

wireshark-4.0.8

wireshark-4.0.9

wireshark-4.2.0

wireshark-4.2.1

wireshark-4.2.2

wireshark-4.2.3

wireshark-4.2.4