A denial of service flaw was found in the way DOCSIS 3.0 CM-STATUS dissector of Wireshark, a network traffic analyzer, performed dissection of certain DOCSIS 3.0 CM-STATUS packet capture files. A remote attacker could provide a specially-crafted DOCSIS 3.0 CM-STATUS packet / packet capture that, when processed, would lead to excessive CPU consumption or into situation where tshark executable would enter an infinite loop, when trying to process the crafted packet / packet capture file.
Upstream bug report:
Sample packet capture:
Relevant upstream patch:
Created wireshark tracking bugs for this issue
Affects: fedora-all [bug 906387]
Not Vulnerable. This issue does not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5 and 6.