Fuzzed PCAP eats large amounts of memory

vendor:

TShark

by:

Gerald Combs

7,5

CVSS

HIGH

Memory Leak

400

CWE

Product Name: TShark

Affected Version From: 2.0.2

Affected Version To: Recent build from repository

Patch Exists: YES

Related CWE: N/A

CPE: a:wireshark:wireshark

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2016

Fuzzed PCAP eats large amounts of memory

A single UDP packet on tshark 2.0.2 and a recent build from repository can cause a memory leak of more than 4GB.

Mitigation:

Upgrade to the latest version of TShark

Source

Exploit-DB raw data:

Build Information:
TShark (Wireshark) 2.0.2 (SVN Rev Unknown from unknown)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with libpcap, with POSIX capabilities (Linux), with libnl 3,
with libz 1.2.8, with GLib 2.48.0, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2, with GnuTLS 3.4.10, with Gcrypt 1.6.5, with MIT Kerberos, with GeoIP.

Running on Linux 4.4.0-22-generic, with locale en_GB.UTF-8, with libpcap version
1.7.4, with libz 1.2.8, with GnuTLS 3.4.10, with Gcrypt 1.6.5.
Intel Core Processor (Haswell) (with SSE4.2)

Built using gcc 5.3.1 20160407.

--
Fuzzed PCAP eats large amounts of memory ( >4GB ) with a single UDP packet on tshark 2.0.2 and a recent build from repository


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/40195.zip