CVE-2024-4854

Опубликовано: 14 мая 2024

Источник: debian

EPSS Низкий

Описание

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wireshark	fixed	4.2.5-1		package
wireshark	fixed	4.0.17-0+deb12u1	bookworm	package
wireshark	postponed		buster	package

Примечания

https://www.wireshark.org/security/wnpa-sec-2024-07.html
https://gitlab.com/wireshark/wireshark/-/issues/19726
https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
Zigbee TLV dissector introduced in 4.2

EPSS

Процентиль: 47%

0.00241

Низкий

Связанные уязвимости

CVE-2024-4854

CVSS3: 6.4

ubuntu

больше 1 года назад

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

CVE-2024-4854

CVSS3: 6.5

redhat

больше 1 года назад

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

CVE-2024-4854

CVSS3: 6.4

nvd

больше 1 года назад

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

CVE-2024-4854

CVSS3: 7.5

msrc

5 месяцев назад

Описание отсутствует

GHSA-6w7h-3cwx-m3mp

CVSS3: 6.4

github

больше 1 года назад

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

EPSS

Процентиль: 47%

0.00241

Низкий