wnpa-sec-2012-08 · Infinite and large loops in many dissectors
Summary
Name: Infinite and large loops in many dissectors
Docid: wnpa-sec-2012-08
Date: May 21, 2012
Affected versions: 1.4.0 to 1.4.12, 1.6.0 to 1.6.7
Fixed versions: 1.4.13, 1.6.8
References:
Wireshark bugs
6805,
7118,
7119,
7120,
7121,
7122,
7124,
7125
CVE-2012-2392
Details
Description
Infinite and large loops in the ANSI MAP, ASF, BACapp, Bluetooth HCI, IEEE 802.11, IEEE 802.3, LTP, and R3 dissectors have been fixed. Discovered by Laurent Butti.
Impact
It may be possible to make Wireshark hang for long or indefinite periods by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 1.4.13, 1.6.8 or later.