[3.5] wireshark: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file (CVE-2017-6014)
In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607
capture file will cause an infinite loop and memory exhaustion.
If the packet size field in a packet header is null, the offset to read
from will not advance, causing continuous attempts to read the same
zero-length packet. This will quickly exhaust all system memory.
References:
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6014
(from redmine: issue id 6907, created on 2017-02-21, closed on 2019-05-03)
- Relations:
  - parent #6905
- Changesets:
  - Revision 0713e068 by Sergei Lukin on 2017-02-23T07:35:01Z:
    main/wireshark: security fixes #6907
    CVE-2017-6014: Memory exhaustion/infinite loop via malformed STANAG 4607 capture file
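
The failure mode in the description above, as an added example that is not part of the original issue and is not Wireshark's code: a reader over an assumed, simplified record layout (a 4-byte big-endian size field that counts the whole record), walked once without and once with validation of the size field. The function names, the layout and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout: each record starts with a 4-byte big-endian total size. */
#define HDR_SIZE 4u

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Unchecked walk: trusts the size field. max_iters stands in for "until
 * memory runs out" so the stall is observable. Returns iterations used. */
size_t walk_unchecked(const uint8_t *buf, size_t len, size_t max_iters) {
    size_t off = 0, iters = 0;
    while (off + HDR_SIZE <= len && iters < max_iters) {
        off += be32(buf + off);   /* size 0: off never advances */
        iters++;
    }
    return iters;
}

/* Checked walk: a record must cover its own header and fit in the bytes
 * that remain. Returns the record count, or -1 if the input is malformed. */
long walk_checked(const uint8_t *buf, size_t len) {
    size_t off = 0; long count = 0;
    while (off < len) {
        if (len - off < HDR_SIZE) return -1;   /* truncated header */
        uint32_t size = be32(buf + off);
        if (size < HDR_SIZE) return -1;        /* zero/undersized: no progress */
        if (size > len - off) return -1;       /* claims more than is present */
        off += size;
        count++;
    }
    return count;
}

/* Constructed samples: two 6-byte records; one record, then a zero size. */
static const uint8_t GOOD[] = {0,0,0,6,'a','b', 0,0,0,6,'c','d'};
static const uint8_t BAD[]  = {0,0,0,6,'a','b', 0,0,0,0,'c','d'};

int main(void) {
    printf("checked good: %ld\n", walk_checked(GOOD, sizeof GOOD));
    printf("checked bad:  %ld\n", walk_checked(BAD, sizeof BAD));
    printf("unchecked bad: %zu iterations\n", walk_unchecked(BAD, sizeof BAD, 1000));
    return 0;
}
```

The unchecked walk uses every iteration it is given on the zero-size input, while the checked walk rejects the file at the first record that cannot advance the offset.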