Denial of service vulnerability in LAN Messenger

Posted date 07/05/2024
4 - High
Affected Resources

LAN Messenger, version 3.4.0.


INCIBE has coordinated the publication of a high severity vulnerability affecting LAN Messenger, version 3.4.0, a cross-platform instant messaging application for communication over a local network, which has been discovered by Rafael Pedrero.

This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and vulnerability type CWE:

  • CVE-2024-4599: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | CWE-400.

There is no reported solution at this time.


CVE-2024-4599: remote denial of service vulnerability in LAN Messenger affecting version 3.4.0. This vulnerability allows an attacker to crash the LAN Messenger service by sending a long string directly and continuously over the UDP protocol.

References list