Wireshark Sharkd Memory Leak Vulnerability Leading to Denial-of-Service

Vulnerability

A memory leak vulnerability has been identified in the Wireshark Sharkd utility, specifically in versions 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14. This vulnerability allows for a denial-of-service condition by causing excessive memory consumption. The issue arises because the 'cf_open' function in 'sharkd' does not properly free previously allocated resources before overwriting them. As a result, each load request can leak a significant amount of memory, estimated at around 440 KB, plus additional data from the loaded capture files. This unbounded memory growth can be triggered by an unauthenticated attacker sending repeated load requests through the Sharkd socket.

Impact

Exploitation of this vulnerability leads to a memory leak, causing the Sharkd utility to consume excessive amounts of memory. This can result in a denial-of-service condition, where the service becomes unresponsive or unavailable due to resource exhaustion.

Reproduction

The vulnerability can be reproduced by sending multiple load requests to the Sharkd utility using the JSON-RPC protocol. Each request should include a reference to a capture file, such as a PCAP file, which will trigger the memory leak. This can be done manually or automated with a script that loops through the load requests.

Remediation

Users are advised to upgrade to Wireshark 4.6.5 or 4.4.15, or later.
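To find hosts that still need the upgrade, the following added example (not part of the original advisory or of Wireshark) classifies reported version strings against the affected ranges given above. The host names, banner strings and the "not-listed" label for branches the advisory does not mention are assumptions made for illustration.

```python
import re

# Branch -> (first affected, first fixed), taken from the advisory text.
AFFECTED = {
    (4, 6): ((4, 6, 0), (4, 6, 5)),
    (4, 4): ((4, 4, 0), (4, 4, 15)),
}

# major.minor.patch not embedded in a longer dotted number (e.g. an IP address).
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d|\.\d)")


def parse_version(text):
    """Return the first major.minor.patch triple in a banner or package string."""
    m = _VERSION_RE.search(text)
    return tuple(int(g) for g in m.groups()) if m else None


def classify(text):
    """Map a version string to affected / fixed / not-listed / unparsed."""
    ver = parse_version(text)
    if ver is None:
        return "unparsed"
    branch = AFFECTED.get(ver[:2])
    if branch is None:
        return "not-listed"  # branch not covered by the advisory's ranges
    first_affected, first_fixed = branch
    return "affected" if first_affected <= ver < first_fixed else "fixed"


def triage(inventory):
    """Return sorted host names whose reported version is in an affected range."""
    return sorted(h for h, banner in inventory.items() if classify(banner) == "affected")


# Constructed sample inventory (hypothetical host names and banner strings).
SAMPLE_INVENTORY = {
    "analyst-ws-01": "TShark (Wireshark) 4.6.4",
    "pcap-api-02": "wireshark-cli 4.4.14-1.el9",
    "pcap-api-03": "Wireshark 4.4.15",
    "lab-vm-07": "Wireshark 4.6.5",
    "legacy-box": "Wireshark 4.2.8",
    "unknown-host": "version not reported",
}

if __name__ == "__main__":
    for host, banner in SAMPLE_INVENTORY.items():
        print(f"{host:14} {classify(banner):10} {banner}")
    print("upgrade first:", triage(SAMPLE_INVENTORY))
```

Distribution packages can carry backported fixes without changing the upstream version number, so an "affected" result is a prompt to check the vendor changelog rather than a final verdict.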

Added: Apr 30, 2026, 6:18 AM
Updated: Apr 30, 2026, 6:18 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 7.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.