Wireshark
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*
- >= 4.6.0, <= 4.6.2
- >= 4.4.0, <= 4.4.12
A denial-of-service vulnerability has been identified in the Wireshark SOME/IP-SD protocol dissector, present in Wireshark versions 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12. The issue arises from a buffer overflow in the 'dissect_someip_sd_pdu_options()' function, which does not properly validate option numbers before writing to a static array. Malformed packets can exploit this flaw to crash the dissector, and potentially to achieve remote code execution by overwriting data in the global section.
Exploitation of this vulnerability leads to a guaranteed crash of Wireshark when processing malformed packets. Additionally, the buffer overflow could be exploited to execute arbitrary code, as the overflowed data can be controlled by the attacker.
The vulnerability can be reproduced by using Wireshark or TShark to read a packet capture file that contains malformed SOME/IP-SD packets. Such packets can reach the dissector either by being injected onto the network or through a packet capture file that a user is convinced to open. When Wireshark processes these packets, it will crash due to the unhandled buffer overflow in the SOME/IP-SD dissector.
Users are advised to upgrade to Wireshark versions 4.6.3, 4.4.13 or later.
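To check whether an installed build falls inside the affected ranges, the following added example (not part of the advisory or of Wireshark) compares a version banner against the ranges and fixed releases stated above. The function names are hypothetical, and it assumes that the first line of `tshark --version` contains the x.y.z version.

```python
import re
import subprocess

# Affected ranges and fixed releases, taken from the advisory text above.
AFFECTED = [
    ((4, 6, 0), (4, 6, 2), "4.6.3"),
    ((4, 4, 0), (4, 4, 12), "4.4.13"),
]
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(banner):
    """Return (major, minor, patch) for the first x.y.z in banner, or None."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def fixed_release_for(banner):
    """Return the release to upgrade to if the version is affected, else None."""
    version = parse_version(banner)
    if version is None:
        raise ValueError("no x.y.z version found in %r" % banner)
    # Integer tuples are compared, not strings: as text, "4.4.12" sorts
    # before "4.4.2" and the upper bound of the 4.4 range would be wrong.
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return fixed
    return None


def installed_banner(binary="tshark"):
    """First line of `<binary> --version`; assumes the binary is on PATH."""
    result = subprocess.run([binary, "--version"], capture_output=True,
                            text=True, check=True)
    return result.stdout.splitlines()[0]


if __name__ == "__main__":
    # Constructed sample banners, so the script runs without Wireshark installed.
    samples = [
        "TShark (Wireshark) 4.6.1 (constructed sample)",
        "TShark (Wireshark) 4.4.12 (constructed sample)",
        "TShark (Wireshark) 4.4.13 (constructed sample)",
    ]
    for banner in samples:
        fixed = fixed_release_for(banner)
        status = "AFFECTED, upgrade to %s or later" % fixed if fixed else "not in an affected range"
        print("%s -> %s" % (banner, status))
```

On a host with Wireshark installed, pass `installed_banner()` (or `installed_banner("wireshark")`) to `fixed_release_for()` instead of the sample strings.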