An infinite loop issue was discovered in Wireshark's TN5250 dissector. It may be possible to make Wireshark consume an excessive amount of CPU by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This is reported to affect Wireshark versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596 The version of Wireshark in Red Hat Enterprise Linux 5 and 6 is older than 1.10.x, and may not be affected. The version of Wireshark in Red Hat Enterprise Linux 7 is affected. External References: https://www.wireshark.org/security/wnpa-sec-2014-23.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1163585]
upstream fix ------------ Patch1: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=d7174c0fcb19dd31526117298133f7a9767e848e
wireshark-1.10.11-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Analysis ======== In the code of Wireshark's TN5250 dissector If value of length becomes 0 while ((offset - start) < sf_length) { length = tvb_get_guint8(tvb,offset); ... offset += length; // offset = offset + 0 ; } then the value of offset does not increase, which can lead to infinite loop, causing consumption of CPU and memory.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1460 https://rhn.redhat.com/errata/RHSA-2015-1460.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html
Statement: This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5