HCE3-SA-2025-0175 Important HCE 3.0 Security Fix(es): SPRT dissector crash in Wireshark 4.2.0 to 4.0.5 and 4.0.0 to 4.0.15 allows denial of service via packet injection or crafted capture file (CVE-2024-8645) MONGO and ZigBee TLV dissector infinite loops in Wireshark 4.2.0 to 4.2.4, 4.0.0 to 4.0.14, and 3.6.0 to 3.6.22 allow denial of service via packet injection or crafted capture file (CVE-2024-4854) NTLMSSP dissector crash in Wireshark 4.2.0 to 4.0.6 and 4.0.0 to 4.0.16 allows denial of service via packet injection or crafted capture file (CVE-2024-8250) Memory handling issue in editcap could cause denial of service via crafted capture file (CVE-2024-4853) Use after free issue in editcap could cause denial of service via crafted capture file (CVE-2024-4855) A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. (CVE-2024-24476) HCE 3.0 wireshark-3.6.14-12.hce3.x86_64.rpm wireshark-devel-3.6.14-12.hce3.x86_64.rpm wireshark-help-3.6.14-12.hce3.x86_64.rpm wireshark-3.6.14-12.hce3.aarch64.rpm wireshark-devel-3.6.14-12.hce3.aarch64.rpm wireshark-help-3.6.14-12.hce3.aarch64.rpm