CVSS 3.1 Score 6.4 of 10 (medium)


Published May 14, 2024
CWE ID 835


CVE-2024-4854 is a vulnerability that affects Wireshark versions 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22, specifically the MONGO and ZigBee TLV dissector components. This vulnerability can be exploited through packet injection or a crafted capture file, leading to denial of service incidents. The risk score is rated at 64, with a base severity of MEDIUM and a base score of 6.4 according to CVSS version 3.1 standards. The impact is considered low in terms of integrity and confidentiality, but high in terms of availability. No privileges are required for exploitation, but user interaction is necessary on a network level to trigger the vulnerability. Organizations should apply the necessary updates or patches provided by Wireshark to remediate this vulnerability and prevent potential denial of service attacks from occurring.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-4854 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options