Wireshark ICMPv6 PvD Protocol Exponential Recursion Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in the Wireshark ICMPv6 protocol dissector, specifically in versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The issue arises from the PvD ID option handler, which recursively processes nested options in a way that leads to exponential growth in processing time and memory usage. This can cause Wireshark to hang and consume excessive resources until the process is terminated.

Impact

Exploitation of this vulnerability leads to a significant increase in CPU usage and memory consumption, causing the application to hang and potentially run out of memory, unless the process is killed externally.

Reproduction

The vulnerability can be reproduced by sending an ICMPv6 Router Advertisement packet that includes 25 PvD options. This can be done using a Python script that generates the appropriate packet and sends it to a target machine. The packet can also be read from a file using TShark, Wireshark's command-line interface, which will demonstrate the same effect.

Remediation

Users are advised to upgrade to Wireshark versions 4.6.5, 4.4.15 or later.