Bug 1831675 (CVE-2019-12295)

Summary: CVE-2019-12295 wireshark: missing dissection recursion checks leads to denial of service
Product: [Other] Security Response
Reporter: msiddiqu
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED WONTFIX
Severity: medium
Priority: medium
Version: unspecified
CC: denis, huzaifas, lemenkov, mruprich, msehnout, mwc, peter, rvokal, sergey.avseyev
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: wireshark 3.0.2, wireshark 2.6.9, wireshark 2.4.15
Last Closed: 2021-06-29 20:30:28 UTC
Bug Depends On: 1832599, 1832600
Bug Blocks: 1831679

Description msiddiqu 2020-05-05 13:18:17 UTC
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.


References: 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778

Upstream commit:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820

External References:

https://www.wireshark.org/security/wnpa-sec-2019-19.html
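
The kind of layer cap the description refers to, shown as an added example (not Wireshark's code and not part of the bug report): a toy recursive dissector over a constructed one-byte nesting format. `MAX_LAYERS` and its value, `TAG_ENCAP`, `pkt_info` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LAYERS 64    /* hypothetical cap, not Wireshark's value */
#define TAG_ENCAP  0x01  /* constructed toy format: "another layer follows" */

typedef struct { unsigned curr_layer_num; int too_many_layers; } pkt_info;

/* Each TAG_ENCAP byte hands the rest of the buffer to the dissector again, as a
 * tunnelling protocol would. Without the cap, the packet picks the stack depth. */
static void dissect_layer(const uint8_t *buf, size_t len, pkt_info *pinfo)
{
    if (pinfo->curr_layer_num >= MAX_LAYERS) {
        pinfo->too_many_layers = 1;  /* flag the packet and stop recursing */
        return;
    }
    pinfo->curr_layer_num++;
    if (len > 0 && buf[0] == TAG_ENCAP)
        dissect_layer(buf + 1, len - 1, pinfo);
}

/* Returns the number of layers entered; *truncated is 1 if the cap was hit. */
unsigned dissect_packet(const uint8_t *buf, size_t len, int *truncated)
{
    pkt_info pinfo = {0, 0};
    dissect_layer(buf, len, &pinfo);
    *truncated = pinfo.too_many_layers;
    return pinfo.curr_layer_num;
}

/* Constructed sample input: n nesting tags followed by one payload byte. */
unsigned dissect_nested(size_t n, int *truncated)
{
    static uint8_t buf[100001];
    if (n > sizeof buf - 1) n = sizeof buf - 1;
    memset(buf, TAG_ENCAP, n);
    buf[n] = 0x00;
    return dissect_packet(buf, n + 1, truncated);
}

int main(void)
{
    int t1, t2;
    unsigned a = dissect_nested(3, &t1), b = dissect_nested(100000, &t2);
    printf("3 tags: %u layers, capped=%d; 100000 tags: %u layers, capped=%d\n", a, t1, b, t2);
    return 0;
}
```

With the cap in place, recursion depth is bounded by `MAX_LAYERS` regardless of how many nesting tags the input carries, so stack use no longer scales with the packet.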

Comment 1 msiddiqu 2020-05-05 13:22:22 UTC
*** Bug 1718140 has been marked as a duplicate of this bug. ***

Comment 4 Stefan Cornelius 2020-05-26 21:10:58 UTC
Statement:

During testing we could not reproduce this issue (with a default stack size and the binaries as shipped in our products). It's possible that this issue only manifests itself when using binaries compiled with address sanitizer, which can dramatically increase stack usage. Yet, it also can't be entirely ruled out that there may be a way to exploit this using a method currently unknown to us, thus, this has an impact of Moderate.