Wireshark HTTP3 Dissector Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the HTTP3 dissector of Wireshark versions 4.6.0 and 4.6.1. When the dissector processes an HTTP3 conversation carrying a large number of headers, it can become overwhelmed by the volume of data, driving CPU usage up until the application hangs or crashes.

Impact

Exploitation of this vulnerability causes Wireshark to crash or hang, with increased CPU usage, similar to the effects of CVE-2016-2525.

Reproduction

The vulnerability can be reproduced by loading a decrypted HTTP/3 conversation that contains a large number of headers into Wireshark 4.6.0 or 4.6.1. This can be done by supplying TLS (SSL) decryption keys to Wireshark and then opening a capture file that includes an HTTP/3 stream with numerous headers. Alternatively, the issue can be triggered by sending a packet with a high header count to a Wireshark instance while it is capturing traffic and decrypting TLS.

Remediation

Users can upgrade to Wireshark version 4.7.0 or later, where this issue has been fixed.
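As an added example (not part of the advisory), the following script checks whether an installed Wireshark build falls in the affected range named above. It assumes the first line of `tshark -v` output has the form "TShark (Wireshark) X.Y.Z ..."; the sample output embedded for offline use is constructed.

```python
import re
import subprocess

# Version facts taken from the advisory: affected builds and the fixed release.
AFFECTED_VERSIONS = {(4, 6, 0), (4, 6, 1)}
FIXED_VERSION = (4, 7, 0)

# Constructed sample of `tshark -v` output, used so the checks run offline.
SAMPLE_TSHARK_OUTPUT = (
    "TShark (Wireshark) 4.6.1 (v4.6.1-0-gdeadbeef).\n"
    "\n"
    "Copyright 1998-2025 Gerald Combs <gerald@wireshark.org> and contributors.\n"
)


def parse_version(output: str) -> tuple:
    """Extract (major, minor, patch) from the banner line of `tshark -v`."""
    match = re.search(r"\(Wireshark\)\s+(\d+)\.(\d+)\.(\d+)", output)
    if match is None:
        raise ValueError("no Wireshark version found in tshark output")
    return tuple(int(part) for part in match.groups())


def is_affected(version: tuple) -> bool:
    """True only for the builds the advisory lists as vulnerable (4.6.0, 4.6.1)."""
    return tuple(version) in AFFECTED_VERSIONS


def report(version: tuple) -> str:
    """Human-readable verdict for a parsed version tuple."""
    text = ".".join(str(part) for part in version)
    if is_affected(version):
        fixed = ".".join(str(part) for part in FIXED_VERSION)
        return f"Wireshark {text}: AFFECTED by the HTTP3 dissector DoS, upgrade to {fixed} or later"
    return f"Wireshark {text}: not in the affected range"


def installed_version(binary: str = "tshark") -> tuple:
    """Run the local tshark binary and parse its reported version."""
    result = subprocess.run([binary, "-v"], capture_output=True, text=True, check=True)
    return parse_version(result.stdout)


if __name__ == "__main__":
    print(report(installed_version()))
```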

Added: Dec 3, 2025, 8:18 AM
Updated: Dec 3, 2025, 8:18 AM

Vulnerability Rating

Custom Algorithm

spread          7.8
impact          2.5
exploitability  5.8
remediation     0.0
relevance       1.3
threat          6.4
urgency         2.9
incentive       0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.