Wireshark ASN.1 PER Protocol Dissector Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The issue arises in the ASN.1 Packed Encoding Rules (PER) protocol dissector, specifically within the NGAP (Next Generation Application Protocol) handling. The vulnerability allows for a process crash due to a stack overflow, caused by unbounded recursion when dissecting certain choice types in crafted packets.
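
The missing guard, as an added example (not Wireshark's code and not the project's fix): a recursive decoder for a toy nested CHOICE format, constructed here, that carries an explicit depth budget and rejects over-deep input instead of exhausting the stack. The tag bytes, MAX_DEPTH and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy format (constructed for this example, not NGAP/PER):
 *   0x01 <value>   CHOICE alternative that wraps another value
 *   0x00 <byte>    leaf alternative carrying one payload byte */
enum { DEC_OK = 0, DEC_TRUNCATED = -1, DEC_TOO_DEEP = -2, DEC_BAD_TAG = -3, DEC_NOMEM = -4 };
#define MAX_DEPTH 64   /* assumed budget; legitimate nesting is shallow */

/* Recursive descent with a depth budget: each nested CHOICE costs one
 * level, and input that exceeds the budget is rejected with an error
 * instead of consuming stack until the process dies. */
static int decode_choice(const uint8_t *buf, size_t len, size_t *off, unsigned depth)
{
    if (depth > MAX_DEPTH) return DEC_TOO_DEEP;
    if (*off >= len) return DEC_TRUNCATED;
    uint8_t tag = buf[(*off)++];
    if (tag == 0x00) {                      /* leaf: consume payload byte */
        if (*off >= len) return DEC_TRUNCATED;
        (*off)++;
        return DEC_OK;
    }
    if (tag == 0x01) return decode_choice(buf, len, off, depth + 1);
    return DEC_BAD_TAG;
}

/* Build `levels` wrappers (optionally closed by one leaf) and decode them. */
static int decode_nested(size_t levels, int with_leaf)
{
    size_t len = levels + (with_leaf ? 2 : 0), off = 0;
    uint8_t *buf = malloc(len ? len : 1);
    if (!buf) return DEC_NOMEM;
    memset(buf, 0x01, levels);
    if (with_leaf) { buf[levels] = 0x00; buf[levels + 1] = 0x2a; }
    int rc = decode_choice(buf, len, &off, 0);
    free(buf);
    return rc;
}

int main(void)
{
    printf("3 levels:       %d\n", decode_nested(3, 1));
    printf("1000000 levels: %d\n", decode_nested(1000000, 1));
    printf("truncated:      %d\n", decode_nested(3, 0));
    return 0;
}
```

Without the `depth > MAX_DEPTH` check, the million-level input would recurse once per byte and crash a process running with a small stack limit, which is the failure mode this advisory describes.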

Impact

Exploitation of this vulnerability leads to a stack overflow, causing a process crash. This behavior has been confirmed with the AddressSanitizer tool, which reported a stack-overflow error during the recursive dissection of a malformed NGAP packet.

Reproduction

The vulnerability can be reproduced using TShark, the command-line version of Wireshark. After setting the stack size limit to 2048 kilobytes, TShark is run with a capture file that contains the crafted NGAP packet. The packet nests the Cause CHOICE type recursively, which the ASN.1 PER dissector follows without any recursion depth limit.

Remediation

Users are advised to upgrade to Wireshark versions 4.6.5, 4.4.15 or later.

Added: Apr 30, 2026, 8:12 AM
Updated: Apr 30, 2026, 8:12 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 7.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.