Fedora Account System
Red Hat Associate
Red Hat Customer
An infinite loop issue was discovered in Wireshark's TN5250 dissector. It may be possible to make Wireshark consume an excessive amount of CPU by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. This is reported to affect Wireshark versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10596 The version of Wireshark in Red Hat Enterprise Linux 5 and 6 is older than 1.10.x, and may not be affected. The version of Wireshark in Red Hat Enterprise Linux 7 is affected. External References: https://www.wireshark.org/security/wnpa-sec-2014-23.html
Created wireshark tracking bugs for this issue: Affects: fedora-all [bug 1163585]
upstream fix ------------ Patch1: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=patch;h=d7174c0fcb19dd31526117298133f7a9767e848e
wireshark-1.10.11-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Analysis ======== In the code of Wireshark's TN5250 dissector If value of length becomes 0 while ((offset - start) < sf_length) { length = tvb_get_guint8(tvb,offset); ... offset += length; // offset = offset + 0 ; } then the value of offset does not increase, which can lead to infinite loop, causing consumption of CPU and memory.
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2015:1460 https://rhn.redhat.com/errata/RHSA-2015-1460.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2015:2393 https://rhn.redhat.com/errata/RHSA-2015-2393.html
Statement: This issue did not affect the version of wireshark as shipped with Red Hat Enterprise Linux 5