Wireshark
cpe:2.3:a:wireshark:wireshark:*:*:*:*:*:*:*
- >= 4.6.0, <= 4.6.4
- >= 4.4.0, <= 4.4.14
A denial-of-service vulnerability has been identified in the BEEP (Blocks Extensible Exchange Protocol) dissector of Wireshark. This issue affects Wireshark versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. The vulnerability arises from a stack overflow caused by an unguarded recursive function in the BEEP dissector: when a specially crafted network packet is processed, the recursion depth grows without bound until the stack is exhausted and the Wireshark process crashes.
Exploitation of this vulnerability causes Wireshark or TShark to crash. The process terminates abruptly, with the operating system delivering a SIGSEGV signal as a result of the stack overflow.
The vulnerability can be reproduced by delivering a malicious PCAP file containing a crafted BEEP packet, or by generating TCP traffic that includes malformed BEEP packets during a live capture. Either path triggers the recursive function in the dissector and causes the stack overflow.
Users are advised to upgrade to Wireshark versions 4.6.5, 4.4.15 or later.
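An added example (not part of the advisory) for inventorying installations against the affected ranges listed above: it parses the version from a `tshark --version` banner and reports the release to upgrade to. The banner line is constructed for the example, and the version-string format it assumes ("TShark (Wireshark) x.y.z ...") is an assumption about the tool's output.

```python
import re

# Affected ranges and the first fixed release for each, taken from the advisory:
# (first affected, last affected, first fixed).
AFFECTED_RANGES = [
    ("4.6.0", "4.6.4", "4.6.5"),
    ("4.4.0", "4.4.14", "4.4.15"),
]

# Constructed sample of a `tshark --version` first line (assumed format).
SAMPLE_BANNER = "TShark (Wireshark) 4.4.10 (v4.4.10-0-g0000000000)"


def parse_version(text):
    """Return the first x.y.z version found in text as a tuple of ints, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def fixed_version_for(version):
    """Return the release to upgrade to if `version` lies in an affected range.

    Returns None when the version is outside every listed range, which also
    covers branches this advisory does not mention (no claim is made about them).
    """
    v = parse_version(version)
    if v is None:
        raise ValueError(f"no x.y.z version found in {version!r}")
    for lo, hi, fixed in AFFECTED_RANGES:
        # Tuple comparison orders versions numerically, so 4.4.14 > 4.4.2.
        if parse_version(lo) <= v <= parse_version(hi):
            return fixed
    return None


def check_banner(banner):
    """Map a version banner to (installed_version, fixed_version_or_None)."""
    v = parse_version(banner)
    if v is None:
        raise ValueError("could not find a version in the banner")
    installed = ".".join(str(p) for p in v)
    return installed, fixed_version_for(installed)


if __name__ == "__main__":
    installed, fixed = check_banner(SAMPLE_BANNER)
    if fixed:
        print(f"Wireshark {installed} is affected; upgrade to {fixed} or later")
    else:
        print(f"Wireshark {installed} is outside the affected ranges")
```

Where an upgrade must wait, TShark's `--disable-protocol` option can disable a single dissector (the BEEP dissector's protocol name is assumed here to be `beep`), which keeps the recursive code path from running on captured traffic.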