14 matches found
Azure Linux 3.0 Security Update: wireshark (CVE-2024-4854)
The version of wireshark installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4854 advisory. - MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to...
SUSE SLED15: libwireshark17 / libwiretap14 / libwsutil15 / wireshark / etc (SUSE-SU-2024:3165-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3165-1 advisory. wireshark was updated from version 3.6.23 to version 4.2.6 jscPED-8517: - Security issues fixed...
openSUSE Security Advisory (SUSE-SU-2024:1865-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:2265-1 Security update for wireshark
This update for wireshark fixes the following issues: Update to version 3.6.22: - CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops bsc1224274 - CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet bsc1224259 - CVE-2024-4855: Th...
Denial Of Service (DOS)
Wireshark is vulnerable to Denial Of Service DOS. The vulnerability is due to MONGO and ZigBee TLV dissector infinite loops resulting in Unreachable Exit Condition via packet injection or crafted capture file...
SUSE CVE-2024-4854
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file...
CVE-2024-4854
A flaw was found in the MONGO and ZigBee TLV dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an infinite loop, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently...
KLA67586 Multiple vulnerabilities in Wireshark
Multiple vulnerabilities were found in Wireshark. Malicious users can exploit these vulnerabilities to cause denial of service. Below is a complete list of vulnerabilities: 1. Denial of service vulnerability in MONGO and ZigBee TLV dissectors can be exploited to cause denial of service. 2. Denial...
AZL-42564 CVE-2024-4854 affecting package wireshark for versions less than 4.4.7-1
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file...
CVE-2024-4854
CVE-2024-4854 – Wireshark dissector infinite loop Affected: Wireshark versions 3.6.0–3.6.22, 4.0.0–4.0.14, and 4.2.0–4.2.4, where the MONGO and ZigBee TLV dissectors can enter infinite loops. This can enable a denial-of-service via crafted capture files or packet injection. Multiple connected adv...
CVE-2024-0210
A flaw was found in the TLV dissector of Wireshark. It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file...
CVE-2024-0210 Uncontrolled Recursion in Wireshark
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...
CVE-2024-0210 Uncontrolled Recursion in Wireshark
Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file...
PT-2024-15387 · Wireshark +1 · Wireshark +1
Name of the Vulnerable Software and Affected Versions: Wireshark version 4.2.0 Description: The issue allows for denial of service via packet injection or crafted capture file, specifically affecting the Zigbee TLV dissector in Wireshark. Recommendations: For Wireshark version 4.2.0, update to a...