Name: Large or infinite loops in multiple dissectors
Date: February 23, 2018
Affected versions: 2.4.0 to 2.4.4, 2.2.0 to 2.2.12
Fixed versions: 2.4.5, 2.2.13
Wireshark bug 14379
Wireshark bug 14408
Wireshark bug 14411
Wireshark bug 14412
Wireshark bug 14413
Wireshark bug 14414
Wireshark bug 14419
Wireshark bug 14420
Wireshark bug 14421
Wireshark bug 14423
Wireshark bug 14428
Wireshark bug 14444
Wireshark bug 14445
Wireshark bug 14449
Multiple dissectors could go into large infinite loops. All ASN.1 BER dissectors, along with the DICOM, DMP, LLTD, OpenFlow, RELOAD, RPCoRDMA, RPKI-Router, S7COMM, SCCP, Thread, Thrift, USB, and WCCP dissectors were susceptible.
It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.
Upgrade to Wireshark 2.4.5, 2.2.13 or later.
Riverbed is Wireshark's primary sponsor and provides our funding. They also make great products that fully integrate with Wireshark.
I have a lot of traffic...
ANSWER: SteelCentral™ AppResponse 11
- • Full stack analysis – from packets to pages
- • Rich performance metrics & pre-defined insights for fast problem identification/resolution
- • Modular, flexible solution for deeply-analyzing network & application performance