
CVE-2024-4854

Medium Severity
Fedoraproject
SVRS: 30/100
CVSSv3: 7.5/10
EPSS: 0.00054/1

CVE-2024-4854: Infinite loops in the Wireshark MONGO and ZigBee TLV dissectors allow denial of service. Affected versions are Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22. An attacker can exploit this by injecting malicious packets or using a crafted capture file, causing the application to enter an infinite loop and become unresponsive. Successful exploitation leads to application unavailability. Despite a CVSS score of 7.5, the SOCRadar Vulnerability Risk Score (SVRS) is 30, which suggests a lower level of immediate critical risk than vulnerabilities with scores above 80, but the issue should still be addressed. The vulnerability is tagged 'In The Wild', which indicates active exploitation or public availability of exploit code, making patching important.

In The Wild
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2024-05-14

2025-04-18

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-4854 | Wireshark up to 3.6.22/4.0.14/4.2.4 TLV dissector infinite loop (ID 19726 / Nessus ID 207910)
vuldb.com, 2025-03-30
A vulnerability was found in Wireshark up to 3.6.22/4.0.14/4.2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the component TLV dissector. The manipulation leads to infinite loop. This vulnerability is handled as CVE-2024-4854. The attack may be

Vulnerability Summary for the Week of May 13, 2024
CISA, 2024-05-20
of the file /view/networkConfig/GRE/gre_add_commit.php. The manipulation of the argument name/remote/local/IP leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263937 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2024-05-14 6.3

Wireshark 4.2.5 Released: What’s New!
Guru baran, 2024-05-16
Wireshark, the world’s foremost and widely used network protocol analyzer, has recently released version 4.2.5, which brings a host of new features and improvements. This latest update promises to enhance the user experience and provide even more powerful tools for network troubleshooting and analysis. One of the most significant additions in Wireshark 4.2.5 is the […]

Social Media

[ "The following CVEs are being actively targeted: CVE-2024-3400, CVE-2023-27997, CVE-2024-30040, CVE-2024-21412, CVE-2024-3094, CVE-2024-21338, CVE-2024-4854, CVE-2024-4761, CVE-2024-21793, CVE-2024-26026, CVE-2023-46805, CVE-2024-20358,
CVE-2024-4854 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted … https://t.co/FRkIbg4kZt

Affected Software

Configuration 1
Type | Vendor | Product
OS | Fedoraproject | fedora

References

Reference | Link
CVE@GITLAB.COM | https://gitlab.com/wireshark/wireshark/-/issues/19726
CVE@GITLAB.COM | https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
CVE@GITLAB.COM | https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
CVE@GITLAB.COM | https://www.wireshark.org/security/wnpa-sec-2024-07.html
CVE@GITLAB.COM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/
CVE@GITLAB.COM | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/
AF854A3A-2127-422B-91AE-364DA2661108 | https://gitlab.com/wireshark/wireshark/-/issues/19726
AF854A3A-2127-422B-91AE-364DA2661108 | https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
AF854A3A-2127-422B-91AE-364DA2661108 | https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/
AF854A3A-2127-422B-91AE-364DA2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/
AF854A3A-2127-422B-91AE-364DA2661108 | https://www.wireshark.org/security/wnpa-sec-2024-07.html

CWE Details

CWE ID | CWE Name | Description
CWE-835 | Loop with Unreachable Exit Condition ('Infinite Loop') | The program contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
