CVE-2024-4854 in Wiresharkinfo

Summary

by MITRE • 05/14/2024

MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 04/19/2025

The vulnerability identified as CVE-2024-4854 represents a critical denial of service flaw affecting Wireshark versions ranging from 3.6.0 through 3.6.22 and 4.0.0 through 4.0.14, along with 4.2.0 to 4.2.4. This issue specifically targets the MONGO and ZigBee TLV dissectors within the network protocol analysis tool, creating a condition where the application becomes unresponsive due to infinite loop execution. The flaw manifests when Wireshark processes specially crafted network packets or capture files containing malformed MONGO or ZigBee TLV data structures, leading to a complete system freeze or resource exhaustion that prevents further packet analysis operations.

The technical root cause of this vulnerability lies in insufficient input validation within the dissector components responsible for parsing MONGO and ZigBee TLV protocol data. When these dissectors encounter malformed or unexpected data structures, they fail to properly handle boundary conditions and iteration controls, resulting in recursive or continuous loop execution patterns. This behavior directly maps to CWE-835, which specifically addresses infinite loops in software implementations, where the lack of proper loop termination conditions allows malicious inputs to cause indefinite execution. The vulnerability exploits the fundamental parsing logic of protocol dissectors, which are designed to traverse and interpret network protocol structures but fail to account for malformed data that could cause control flow to become trapped in repetitive execution paths.

The operational impact of CVE-2024-4854 extends beyond simple application instability, creating significant security and operational risks for network analysts and security professionals who rely on Wireshark for network monitoring and incident response activities. An attacker could exploit this vulnerability by crafting malicious network packets or capture files containing specifically formatted MONGO or ZigBee TLV data, then either injecting these packets into a network where Wireshark is actively monitoring or providing the malicious capture files to unsuspecting users. This attack vector aligns with ATT&CK technique T1070.004, which covers the use of application or system binaries for defense evasion, though in this case the technique manifests as a denial of service rather than evasion. The vulnerability effectively renders the Wireshark application unusable until manually restarted, potentially interrupting critical network monitoring operations and forensic analysis activities.

Mitigation strategies for CVE-2024-4854 focus primarily on immediate version updates to patched releases of Wireshark, as the vulnerability has been addressed in subsequent versions through enhanced input validation and loop termination controls within the affected dissectors. Network security teams should prioritize patching affected systems and implementing monitoring for suspicious packet patterns that might indicate exploitation attempts. Additionally, administrators should consider implementing network segmentation and access controls to limit exposure to potentially malicious traffic, while also maintaining offline capture file validation procedures before opening unknown or untrusted capture files in Wireshark environments. The vulnerability demonstrates the critical importance of robust input validation in network protocol analysis tools, where malformed data could potentially be used to disrupt security operations and compromise network monitoring capabilities.

Reservation

05/14/2024

Disclosure

05/14/2024

Moderation

accepted

CPE

ready

EPSS

0.00811

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!