Lucene search

Veracode Vulnerability DatabaseVERACODE:47146

HistoryMay 23, 2024 - 11:16 a.m.

Denial Of Service (DOS)

2024-05-2311:16:06

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

wireshark

vulnerability

infinite loop

denial of service

mongo

zigbee tlv dissector

packet injection

crafted capture file

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

16.3%

JSON

Wireshark is vulnerable to Denial Of Service (DOS). The vulnerability is due to MONGO and ZigBee TLV dissector infinite loops resulting in Unreachable Exit Condition via packet injection or crafted capture file.

References

gitlab.com/wireshark/wireshark/-/issues/19726

gitlab.com/wireshark/wireshark/-/merge_requests/15047

gitlab.com/wireshark/wireshark/-/merge_requests/15499

lists.fedoraproject.org/archives/list/[email protected]/message/66H2BSENPSIALF2WIZF7M3QBVWYBMFGW/

lists.fedoraproject.org/archives/list/[email protected]/message/7MKFJAZDKXGFFQPRDYLX2AANRNMYZZEZ/

security-tracker.debian.org/tracker/CVE-2024-4854

www.wireshark.org/security/wnpa-sec-2024-07.html

CVSS3

6.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

16.3%

JSON

Related for VERACODE:47146