wnpa-sec-2018-06 · Large or infinite loops in multiple dissectors

Summary

Name: Large or infinite loops in multiple dissectors

Docid: wnpa-sec-2018-06

Date: February 23, 2018

Affected versions: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12

Fixed versions: 2.4.5, 2.2.13

References:
Wireshark issue 14379
Wireshark issue 14408
Wireshark issue 14411
Wireshark issue 14412
Wireshark issue 14413
Wireshark issue 14414
Wireshark issue 14419
Wireshark issue 14420
Wireshark issue 14421
Wireshark issue 14423
Wireshark issue 14428
Wireshark issue 14444
Wireshark issue 14445
Wireshark issue 14449
CVE-2018-7321
CVE-2018-7322
CVE-2018-7323
CVE-2018-7324
CVE-2018-7325
CVE-2018-7326
CVE-2018-7327
CVE-2018-7328
CVE-2018-7329
CVE-2018-7330
CVE-2018-7331
CVE-2018-7332
CVE-2018-7333

Details

Description

Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible.

Impact

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 2.4.5, 2.2.13 or later.