A vulnerability was reported in Wireshark. A remote user can send a specially crafted IKE packet to cause the IKEv1 dissector to enter an infinite loop. The vulnerability resides in the proto_tree_add_item() function in 'tshark.c'.
http://www.securityfocus.com/archive/1/archive/1/519049/100/0/threaded
Not yet acknowledged by Wireshark upstream, no testing done yet to determine affected versions.
Statement: This issue does not affect the version of wireshark shipped with Red Hat Enterprise Linux 4, 5 and 6.
This is now acknowledged upstream: http://www.wireshark.org/security/wnpa-sec-2011-13.html and fixed via:
https://admin.fedoraproject.org/updates/FEDORA-2011-12423
https://admin.fedoraproject.org/updates/FEDORA-2011-12403
https://admin.fedoraproject.org/updates/FEDORA-2011-12399
Upstream patch: http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-isakmp.c?r1=38247&r2=38246&pathrev=38247