wnpa-sec-2017-38 · MSDP dissector infinite loop
Summary
Name: MSDP dissector infinite loop
Docid: wnpa-sec-2017-38
Date: August 29, 2017
Affected versions: 2.4.0, 2.2.0 to 2.2.8, 2.0.0 to 2.0.14
Fixed versions: 2.4.1, 2.2.9, 2.0.15
References:
Wireshark issue 13933.
CVE-2017-13767.
Details
Description
The MSDP dissector could go into an infinite loop. Discovered by Zhangwangjunjie and Marco Grass.
Impact
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Resolution
Upgrade to Wireshark 2.4.1, 2.2.9, 2.0.15 or later.