CVE-2024-4854
Loop with Unreachable Exit Condition ('Infinite Loop') in Wireshark
CVSS Score
6.4
EPSS Score
0.7%
EPSS Percentile
71th
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file
| CWE | CWE-835 |
| Vendor | wireshark foundation |
| Product | wireshark |
| Published | May 14, 2024 |
| Last Updated | Mar 27, 2026 |
Stay Ahead of the Next One
Get instant alerts for wireshark foundation wireshark
Be the first to know when new medium vulnerabilities affecting wireshark foundation wireshark are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
High
Affected Versions
Wireshark Foundation / Wireshark
4.2.0 < 4.2.5 4.0.0 < 4.0.15 3.6.0 < 3.6.23
References
wireshark.org: https://www.wireshark.org/security/wnpa-sec-2024-07.html gitlab.com: https://gitlab.com/wireshark/wireshark/-/issues/19726 gitlab.com: https://gitlab.com/wireshark/wireshark/-/merge_requests/15047 gitlab.com: https://gitlab.com/wireshark/wireshark/-/merge_requests/15499 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2024/09/msg00049.html