Wireshark flaw causes CPU slowdown (DOS attack) by injecting a malicious packet onto the network

A report of penetration testing services experts has revealed a vulnerability in , the protocol analyzer used for the inspection and resolution of multiple problems in communications networks. Successful exploitation of this flaw would allow remote hackers to launch denial of service attacks.

Below is a brief description of the reported flaw, in addition to its respective score and tracking key according to the Common Vulnerability Scoring System (CVSS).

The vulnerability, tracked as CVE-2020–15466, exists due to an infinite loop within the GVCP dissector, allowing remote threat actors to deploy DoS attacks. A malicious hacker can pass a specially designed package tracking file to the vulnerable application, which will consume all system resources, leading to the DoS condition.

The fault, considered of average severity, received a score of 5.7/10 and resides in the following versions of Wireshark: 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4.

Although the flaw can be exploited remotely by unauthenticated hackers over the Internet, penetration testing services specialists have not yet detected active exploit attempts. The first scans also do not report the finding of some malware variant associated with this attack.

Wireshark developers have already released a fix for versions affected by this failure, so users of affected deployments should only verify their correct installation. There is no workaround to fix this vulnerability, so users will need to install an updated version to mitigate the risk of exploitation.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

Originally published at https://www.securitynewspaper.com on July 3, 2020.