Wireshark OpenFlow v6 Protocol Dissector Infinite Loop Vulnerability Allowing Denial-of-Service

A denial-of-service vulnerability has been identified in the OpenFlow v6 protocol dissector of Wireshark. This issue, present in Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14, arises from a bundle property underflow that leads to an infinite loop. The problem occurs when the property length is less than four, causing an unsigned subtraction that wraps and prevents the loop from terminating. As a result, Wireshark can be made to consume excessive CPU resources.

Impact

Exploitation of this vulnerability can cause Wireshark to enter an infinite loop, significantly increasing CPU usage. This behavior can be triggered by injecting a malformed packet or by persuading a user to open a packet trace file that contains such a packet.

Reproduction

The vulnerability can be reproduced by using TShark, the command-line version of Wireshark, to read a packet capture file (PCAPNG) that contains OpenFlow v6 packets with a bundle property length of zero. This can be done by applying the 'ip.defragment:FALSE' option to prevent IP packet defragmentation, which could otherwise alter the packet contents and potentially mask the vulnerability.

Remediation

Users can upgrade to Wireshark versions 4.6.5, 4.4.15 or later to address this vulnerability.