Wireshark WCP Dissector 'epan/dissectors/packet-wcp.c' Denial of Service Vulnerability

Wireshark is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets.

An attacker can leverage this issue to crash the affected application, denying service to legitimate users.

Wireshark versions 2.4.0 through 2.4.3 and 2.2.0 through 2.2.11 are vulnerable.

Information

Bugtraq ID: 102500
Class: Failure to Handle Exceptional Conditions
CVE: CVE-2018-5335

Remote: Yes
Local: No
Published: Jan 11 2018 12:00AM
Updated: Jan 11 2018 12:00AM
Credit: Kamil Frankowicz.
Vulnerable: Wireshark Wireshark 2.4.3
Wireshark Wireshark 2.4.1
Wireshark Wireshark 2.4
Wireshark Wireshark 2.2.11
Wireshark Wireshark 2.2.10
Wireshark Wireshark 2.2.9
Wireshark Wireshark 2.2.8
Wireshark Wireshark 2.2.7
Wireshark Wireshark 2.2.6
Wireshark Wireshark 2.2.5
Wireshark Wireshark 2.2.4
Wireshark Wireshark 2.2.3
Wireshark Wireshark 2.2.2
Wireshark Wireshark 2.2.1
Wireshark Wireshark 2.2
Wireshark Wireshark 2.4.2

Not Vulnerable: Wireshark Wireshark 2.4.4
Wireshark Wireshark 2.2.12

Exploit

A sample packet trace file is available in the Wireshark bug report. Please see the references for more information.

References:

• Bug 14251 - Heap out of bounds read in wcp_uncompress() (Wireshark)
  
• WCP: Add a length check. (Wireshark)
  
• Wireshark Homepage (Wireshark)
  
• wnpa-sec-2018-04 · WCP dissector crash (Wireshark)
  

Source: www.securityfocus.com