Amazon Linux 2023 : wireshark-cli, wireshark-devel (ALAS2023-2024-673)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-673 advisory. Memory handling issue in editcap could cause denial of service via crafted capture file CVE-2024-4853 MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14,...

Wireshark Multiple Vulnerabilities (Jul 2024) - Linux

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

Wireshark Multiple Vulnerabilities (Jul 2024) - Mac OS X

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

SUSE-SU-2024:2265-1 Security update for wireshark

This update for wireshark fixes the following issues: Update to version 3.6.22: - CVE-2024-4854: MONGO and ZigBee TLV dissector infinite loops bsc1224274 - CVE-2024-4853: The editcap command line utility could crash when chopping bytes from the beginning of a packet bsc1224259 - CVE-2024-4855: Th...

CVE-2024-3043

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...

CVE-2024-3043

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...

CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor RCP causes the OpenThread Border RouterOTBR application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...

CVE-2024-3017 Denial of service in multi-protocol gateway - Zigbee + Thread

In a Silicon Labs multi-protocol gateway, a corrupt pointer to buffered data on a multi-protocol radio co-processor RCP causes the OpenThread Border RouterOTBR application task running on the host platform to crash, allowing an attacker to cause a temporary denial-of-service...

CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...

CVE-2024-3043 Zigbee co-ordinator realignment packet may lead to denial of service

An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee nodes to change their network identifier pan ID, leading to a denial of service. This packet type is not useful in production and should be used only for PHY qualification...

CVE-2024-3043

CVE-2024-3043 involves an unauthenticated IEEE 802.15.4 “co-ordinator realignment” packet that forces Zigbee nodes to change their network identifier (PAN ID), causing a denial of service. The issue is triggered by a specific packet type used for PHY qualification, not production. The documented ...

Wireshark Multiple Vulnerabilities (Jun 2024) - Windows

Wireshark is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wireshark:wireshark"; ifdescripti...

OESA-2024-1727 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: Memory handling issue in editcap could cause denial of service via crafted capture fileCVE-2024-4853...

OESA-2024-1728 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0...

OESA-2024-1725 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0...

OESA-2024-1726 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Security Fixes: MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0...

The vulnerabilities of the MONGO and ZigBee TLV traffic analyzer in computer networks can be exploited by attackers, causing service interruptions.

The vulnerability of the MONGO and ZigBee TLV traffic analyzer in Wireshark relates to the execution of a cycle with an unavailable exit condition. Exploiting this vulnerability allows a malicious actor to cause a service failure by sending specially crafted packets...

Denial Of Service (DOS)

Wireshark is vulnerable to Denial Of Service DOS. The vulnerability is due to MONGO and ZigBee TLV dissector infinite loops resulting in Unreachable Exit Condition via packet injection or crafted capture file...

SUSE CVE-2024-4854

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file...

CVE-2024-4854

A flaw was found in the MONGO and ZigBee TLV dissectors of Wireshark. This issue occurs when decoding malformed packets from a pcap file or from the network, causing an infinite loop, resulting in a denial of service. Mitigation Mitigation for this issue is either not available or the currently...