Bugzilla – Bug 1224274
VUL-0: CVE-2024-4854: wireshark: MONGO and ZigBee TLV dissector infinite loops via packet injection or crafted capture file
Last modified: 2024-07-02 12:30:20 UTC
MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-4854
https://www.cve.org/CVERecord?id=CVE-2024-4854
https://gitlab.com/wireshark/wireshark/-/issues/19726
https://gitlab.com/wireshark/wireshark/-/merge_requests/15047
https://gitlab.com/wireshark/wireshark/-/merge_requests/15499
https://www.wireshark.org/security/wnpa-sec-2024-07.html

I'd say this affects:
- SUSE:SLE-15:Update/wireshark
- SUSE:SLE-15-SP6:Update/wireshark
- SUSE:ALP:Source:Standard:1.0/wireshark
- SUSE:SLFO:Main/wireshark

The upstream CVE process changes all the time with them. Will submit once 4.2.5 is released.

SUSE-SU-2024:2265-1: An update that solves three vulnerabilities can now be installed.

Category: security (moderate)
Bug References: 1224259, 1224274, 1224276
CVE References: CVE-2024-4853, CVE-2024-4854, CVE-2024-4855
Maintenance Incident: [SUSE:Maintenance:34479](https://smelt.suse.de/incident/34479/)
Sources used:
- openSUSE Leap 15.6 (src): wireshark-3.6.23-150600.18.3.1
- Basesystem Module 15-SP6 (src): wireshark-3.6.23-150600.18.3.1
- Desktop Applications Module 15-SP6 (src): wireshark-3.6.23-150600.18.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.