Wireshark K12 RF5 File Parser Denial-of-Service Vulnerability

A denial-of-service vulnerability has been identified in Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. The issue arises in the K12 RF5 file parser, where the 'k12_dump_src_setting()' function improperly handles string lengths from file data. This flaw allows for a stack buffer overflow, as the function copies data into a stack-allocated buffer without verifying that the data fits, leading to a crash.

Impact

Exploitation of this vulnerability causes a stack buffer overflow, which can lead to a crash of the Wireshark application. In unprotected builds, this type of overflow could potentially be exploited to execute arbitrary code by overwriting the return address on the stack.

Reproduction

The vulnerability can be reproduced by opening a crafted K12 RF5 file in Wireshark and exporting the specified packets. This process triggers the buffer overflow, causing the application to crash. The issue can also be replicated using 'tshark' or 'editcap' commands, which will terminate with a buffer overflow error.

Remediation

Users are advised to upgrade to Wireshark versions 4.6.5, 4.4.15 or later.