Bug 1831675 (CVE-2019-12295) - CVE-2019-12295 wireshark: missing dissection recursion checks leads to denial of service
Status: CLOSED WONTFIX
Alias: CVE-2019-12295
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Duplicates: 1718140
Depends On: 1832599 1832600
Blocks: 1831679
Reported: 2020-05-05 13:18 UTC by msiddiqu
Modified: 2021-06-29 20:30 UTC

Fixed In Version: wireshark 3.0.2, wireshark 2.6.9, wireshark 2.4.15
Last Closed: 2021-06-29 20:30:28 UTC


Description msiddiqu 2020-05-05 13:18:17 UTC
In Wireshark 3.0.0 to 3.0.1, 2.6.0 to 2.6.8, and 2.4.0 to 2.4.14, the dissection engine could crash. This was addressed in epan/packet.c by restricting the number of layers and consequently limiting recursion.


References: 

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=15778

Upstream commit:

https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7b6e197da4c497e229ed3ebf6952bae5c426a820

External References:

https://www.wireshark.org/security/wnpa-sec-2019-19.html

Comment 1 msiddiqu 2020-05-05 13:22:22 UTC
*** Bug 1718140 has been marked as a duplicate of this bug. ***

Comment 4 Stefan Cornelius 2020-05-26 21:10:58 UTC
Statement:

During testing we could not reproduce this issue (with a default stack size and the binaries as shipped in our products). It's possible that this issue only manifests itself when using binaries compiled with address sanitizer, which can dramatically increase stack usage. Yet, it also can't be entirely ruled out that there may be a way to exploit this using a method currently unknown to us, thus, this has an impact of Moderate.
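The mitigation named in the description (cap the number of layers so nested dissection cannot recurse without bound) can be sketched as follows. This is an added example, not Wireshark's code from epan/packet.c: the toy one-byte-per-layer format, the `MAX_LAYERS` value and all function and struct names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical cap for this sketch; not taken from the Wireshark source. */
#define MAX_LAYERS 500
enum { DISSECT_OK = 0, DISSECT_TRUNCATED = -1, DISSECT_TOO_DEEP = -2 };

/* Per-packet state (assumed names): how deep we are and how deep we got. */
struct pkt_state {
    unsigned curr_layer;   /* layers currently being dissected */
    unsigned max_seen;     /* deepest layer reached for this packet */
};

/*
 * Constructed toy format: each layer is a single type byte.
 *   0x01 = encapsulation: the rest of the buffer is another layer
 *   other = payload: innermost layer, dissection ends
 */
static int dissect_layer(const uint8_t *buf, size_t len, struct pkt_state *st)
{
    int rc;
    if (len == 0)
        return DISSECT_TRUNCATED;

    /* The guard: refuse to descend once the layer budget is spent, so
     * stack use stays bounded whatever nesting the packet encodes. */
    if (st->curr_layer >= MAX_LAYERS)
        return DISSECT_TOO_DEEP;

    st->curr_layer++;
    if (st->curr_layer > st->max_seen)
        st->max_seen = st->curr_layer;

    if (buf[0] == 0x01)
        rc = dissect_layer(buf + 1, len - 1, st);  /* sub-dissector call */
    else
        rc = DISSECT_OK;
    st->curr_layer--;      /* unwind the counter on every return path */
    return rc;
}

/* Entry point: returns a DISSECT_* code and reports the depth reached. */
int dissect_packet(const uint8_t *buf, size_t len, unsigned *depth_out)
{
    struct pkt_state st = { 0, 0 };
    int rc = dissect_layer(buf, len, &st);
    if (depth_out)
        *depth_out = st.max_seen;
    return rc;
}
```

Without the `MAX_LAYERS` check, recursion depth in this sketch would equal the number of encapsulation bytes in the input, so stack consumption would be chosen by whoever crafted the packet; larger per-frame stack usage, as in the sanitizer builds mentioned in the statement, lowers the depth at which that overflows.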


Note You need to log in before you can comment on or make changes to this bug.