Fedora Account System
Red Hat Associate
Red Hat Customer
In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. References: https://www.wireshark.org/security/wnpa-sec-2020-07.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 Upstream commit: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1824158]
Statement: The versions of Wireshark as shipped with Red Hat Enterprise Linux 7 and earlier are not affected by this issue because the commit was introduced in later versions.
External References: https://www.wireshark.org/security/wnpa-sec-2020-07.html
This flaw appears to be caused because the fAbstractSyntaxNType() function in epan/dissectors/packet-bacapp.c calls other functions such as fLogRecord(), fLogMultipleRecord(), fEventParameter(), which in turn call fAbstractSyntaxNType(). A malformed packet could create a condition in which the recursion depth would overflow the stack size because there was no limitation on recursion depth.