Wireshark SMB2 Protocol Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the SMB2 protocol dissector of Wireshark. It affects Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The dissector does not properly limit the total size of chained compression segments, which allows excessive memory allocation. The vulnerability can be triggered by injecting a malformed packet or by convincing a user to open a packet trace file containing the malformed data.

Impact

Exploitation of this vulnerability can crash the Wireshark application or cause it to consume excessive system resources, potentially disrupting normal operations.

Reproduction

The vulnerability can be reproduced by using TShark, the command-line version of Wireshark, to read a packet capture file that contains 74 chained PATTERN_V1 segments. Each segment requests a repetition of 1,000,000 bytes, causing Wireshark to allocate a significant amount of memory. The reproduction sets the ASAN_OPTIONS environment variable to disable memory leak detection and then uses TShark to read the crafted packet capture file.
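
The missing limit described under Vulnerability and Reproduction is a cap on the sum across the chain, not on any single segment. The C sketch below is an added example, not Wireshark's code or its fix: it checks a running total before allocating anything. The pattern_seg struct is a simplified model rather than the SMB2 wire layout, and the 16 MiB MAX_TOTAL_OUTPUT value and all function names are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Simplified model of one chained pattern segment (assumption, not the
 * SMB2 wire layout): a fill byte and how many times to repeat it. */
typedef struct { uint8_t pattern; uint32_t repetitions; } pattern_seg;

#define MAX_TOTAL_OUTPUT (16u * 1024u * 1024u) /* assumed cap for the whole chain */

/* Expands every segment into one buffer. Returns 0 and sets *out / *out_len
 * on success; returns -1 before allocating anything if the chain as a whole
 * would exceed MAX_TOTAL_OUTPUT. */
int expand_chain(const pattern_seg *segs, size_t nsegs,
                 uint8_t **out, size_t *out_len)
{
    size_t total = 0;
    /* Pass 1: check the running sum, so many individually small
     * segments cannot add up past the budget. */
    for (size_t i = 0; i < nsegs; i++) {
        if (segs[i].repetitions > MAX_TOTAL_OUTPUT - total)
            return -1;
        total += segs[i].repetitions;
    }
    uint8_t *buf = malloc(total ? total : 1);
    if (buf == NULL)
        return -1;
    /* Pass 2: expansion, now known to fit in the budget. */
    size_t off = 0;
    for (size_t i = 0; i < nsegs; i++) {
        memset(buf + off, segs[i].pattern, segs[i].repetitions);
        off += segs[i].repetitions;
    }
    *out = buf;
    *out_len = total;
    return 0;
}

/* Builds a constructed chain of nsegs identical segments and tries to expand it. */
int try_chain(size_t nsegs, uint32_t reps)
{
    pattern_seg *segs = calloc(nsegs ? nsegs : 1, sizeof *segs);
    uint8_t *out = NULL;
    size_t len = 0;
    if (segs == NULL)
        return -1;
    for (size_t i = 0; i < nsegs; i++)
        segs[i] = (pattern_seg){ 'A', reps };
    int rc = expand_chain(segs, nsegs, &out, &len);
    free(out);
    free(segs);
    return rc;
}
```

With this cap, a chain shaped like the reproduction case (74 segments of 1,000,000 repetitions each) is rejected even though every individual segment is far below the limit.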

Remediation

Users are advised to upgrade to Wireshark version 4.6.5 or 4.4.15, or later.

Added: Apr 30, 2026, 7:24 AM
Updated: Apr 30, 2026, 7:24 AM

Vulnerability Rating

Custom Algorithm

spread: 7.8
impact: 2.5
exploitability: 5.8
remediation: 7.7
relevance: 7.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.