Wireshark Bundle Protocol and CBOR Dissector Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability affects the Wireshark network protocol analyzer in versions 4.4.0 through 4.4.3 and 4.2.0 through 4.2.10. The flaw lies in the Bundle Protocol and CBOR dissectors: malformed packet data drives the dissector into unbounded recursion, exhausting the stack and crashing the application. An attacker can trigger it either by injecting malformed packets onto a network segment that Wireshark is capturing or by supplying a crafted capture file that a user opens.

Impact

Exploitation crashes Wireshark (or tshark, which uses the same dissectors), interrupting any active packet analysis or troubleshooting session. The impact is to availability only: analysis stops until the application is restarted, and the session in progress is lost.

Reproduction

To reproduce, open a capture file containing malformed CBOR data that drives the CBOR dissector into deep recursion until the stack is exhausted; delivering the same data as live packets on an interface Wireshark is capturing crashes the application in the same way. Because the test input crashes the analyzer, reproduction should be done on an affected version in an isolated environment (for example, tshark in a throwaway VM), never on an analyst's working installation.

Remediation

Upgrade to Wireshark 4.4.4 or later on the 4.4 branch, or 4.2.11 or later on the 4.2 branch. Until the upgrade is applied, the affected dissectors can be disabled as a temporary workaround (Analyze > Enabled Protocols in the GUI, or --disable-protocol with tshark), at the cost of losing Bundle Protocol and CBOR decoding for the interim.
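The following helper is an added example for the Reproduction and Remediation sections above; it is not code from this page or from the Wireshark project. It does two things a responder would want before touching a suspect capture: it classifies an installed Wireshark/tshark version against the version ranges stated in this advisory (branches the advisory does not list are reported as "not covered" rather than safe), and it measures the nesting depth of a CBOR item with an explicit stack instead of recursion, so the triage tool itself cannot be crashed by the same deeply nested input that exhausts a recursive dissector's stack. The `tshark --version` output line, the protocol names `cbor` and `bpv7` passed to `--disable-protocol`, and the depth limit of 64 are assumptions; the sample CBOR bytes are constructed here.

```python
import re

# --- Remediation: classify an installed version against the advisory's ranges ---

# Affected versions exactly as stated in the advisory, keyed by release branch.
# Branches it does not list (3.6.x, 4.0.x, ...) are reported as "not covered", not as safe.
ADVISORY_RANGES = {
    (4, 4): ((4, 4, 0), (4, 4, 3)),   # fixed in 4.4.4
    (4, 2): ((4, 2, 0), (4, 2, 10)),  # fixed in 4.2.11
}

# Constructed sample of a `tshark --version` first line (exact format is an
# assumption; only the x.y.z triple is relied on).
SAMPLE_TSHARK_VERSION_OUTPUT = "TShark (Wireshark) 4.4.3 (v4.4.3-0-g0123456789ab)\n"

def parse_version(text):
    """Return the first x.y.z triple found in a version string or --version output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if m is None:
        raise ValueError("no x.y.z version number found")
    return tuple(int(g) for g in m.groups())

def advisory_status(text):
    """'affected', 'fixed', or 'not covered' for the given version string."""
    v = parse_version(text)
    branch = ADVISORY_RANGES.get(v[:2])
    if branch is None:
        return "not covered"
    first, last = branch
    return "affected" if first <= v <= last else "fixed"

# Protocol names for --disable-protocol are an assumption; confirm them with
# `tshark -G protocols` before relying on the workaround.
WORKAROUND_PROTOCOLS = ("cbor", "bpv7")

def tshark_workaround_command(capture_path):
    """tshark invocation that reads a capture with the affected dissectors turned off."""
    cmd = ["tshark", "-r", capture_path]
    for proto in WORKAROUND_PROTOCOLS:
        cmd += ["--disable-protocol", proto]
    return cmd

# --- Reproduction/triage: measure CBOR nesting depth without recursing ---

def _read_argument(data, pos, info):
    """Decode the initial byte's 'additional information' argument (RFC 8949 section 3)."""
    if info < 24:
        return info, pos
    if info == 31:                       # indefinite length, valid for major types 2-5
        return None, pos
    if info > 27:
        raise ValueError("reserved additional-information value %d" % info)
    n = 1 << (info - 24)                 # 24..27 -> 1, 2, 4, 8 following bytes
    if pos + n > len(data):
        raise ValueError("truncated argument at offset %d" % pos)
    return int.from_bytes(data[pos:pos + n], "big"), pos + n

def cbor_max_depth(data):
    """Maximum nesting depth of one CBOR item, computed with an explicit stack.
    Each open array, map, indefinite-length string or tag counts as one level.
    Raises ValueError on malformed or truncated input."""
    pos, deepest = 0, 0
    open_items = []   # per open container: remaining child count, or None if indefinite
    while pos < len(data):
        initial = data[pos]
        pos += 1
        if initial == 0xFF:              # "break": closes the innermost indefinite container
            if not open_items or open_items[-1] is not None:
                raise ValueError("unexpected break at offset %d" % (pos - 1))
            open_items.pop()
        else:
            major, info = initial >> 5, initial & 0x1F
            arg, pos = _read_argument(data, pos, info)
            if arg is None and major not in (2, 3, 4, 5):
                raise ValueError("indefinite length not allowed for major type %d" % major)
            if open_items and open_items[-1] is not None:
                open_items[-1] -= 1      # this item fills one slot of its parent
            if major in (2, 3) and arg is not None:   # definite string: skip the payload
                if pos + arg > len(data):
                    raise ValueError("truncated string at offset %d" % pos)
                pos += arg
            elif major in (2, 3, 4, 5) and arg is None:
                open_items.append(None)
            elif major == 4:
                open_items.append(arg)
            elif major == 5:
                open_items.append(arg * 2)   # maps hold key/value pairs
            elif major == 6:
                open_items.append(1)         # a tag wraps exactly one item
            deepest = max(deepest, len(open_items))
        while open_items and open_items[-1] == 0:   # pop definite containers now complete
            open_items.pop()
    if open_items:
        raise ValueError("truncated: %d container(s) still open" % len(open_items))
    return deepest

def exceeds_depth(data, limit=64):
    """True if the item nests deeper than `limit` (the default is a local policy choice)."""
    return cbor_max_depth(data) > limit

def is_well_formed(data):
    try:
        cbor_max_depth(data)
        return True
    except ValueError:
        return False

# Constructed samples: a benign {"a": [1, 2, h'FF']} and a chain of 50000
# one-element arrays of the kind that exhausts a recursive decoder's stack.
SAMPLE_BENIGN = bytes.fromhex("a1 61 61 83 01 02 41 ff")
SAMPLE_DEEP = b"\x81" * 50000 + b"\x00"

if __name__ == "__main__":
    print(advisory_status(SAMPLE_TSHARK_VERSION_OUTPUT))
    print(cbor_max_depth(SAMPLE_BENIGN), cbor_max_depth(SAMPLE_DEEP))
    print(" ".join(tshark_workaround_command("suspect.pcapng")))
```

Run `advisory_status` on the first line of `tshark --version` to decide whether a host needs the upgrade, and run `exceeds_depth` over CBOR payloads extracted from a capture before opening that capture in an unpatched analyzer. The depth checker deliberately keeps its own bookkeeping on the heap: a decoder that recurses once per nested array is exactly what the malformed input targets, so a checker written that way would fall over before it could warn you.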

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.