Red Hat Security Advisory 2023-0471-01 - An update is now available for Migration Toolkit for Runtimes (v1.0.1). Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: Migration Toolkit for Runtimes security update  
Advisory ID:       RHSA-2023:0471-01  
Product:           Migration Toolkit for Runtimes  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:0471  
Issue date:        2023-01-26  
CVE Names:         CVE-2022-3517 CVE-2022-25914 CVE-2022-37603   
                   CVE-2022-42003 CVE-2022-42004 CVE-2022-42920   
=====================================================================

1. Summary:

An update is now available for Migration Toolkit for Runtimes (v1.0.1).

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Description:

Security Fix(es):

* jib-core: RCE via the isDockerInstalled (CVE-2022-25914)  
* Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds  
writing (CVE-2022-42920)  
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)  
* loader-utils: Regular expression denial of service (CVE-2022-37603)  
* jackson-databind: deep wrapper array nesting wrt  
UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)  
* jackson-databind: use of deeply nested arrays (CVE-2022-42004)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page listed in the References section.

3. Solution:

Before applying this update, make sure all previously released errata  
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

4. Bugs fixed (https://bugzilla.redhat.com/):

2134344 - CVE-2022-25914 jib-core: RCE via the isDockerInstalled  
2134609 - CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function  
2135244 - CVE-2022-42003 jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS  
2135247 - CVE-2022-42004 jackson-databind: use of deeply nested arrays  
2140597 - CVE-2022-37603 loader-utils:Regular expression denial of service  
2142707 - CVE-2022-42920 Apache-Commons-BCEL: arbitrary bytecode produced via out-of-bounds writing

5. References:

https://access.redhat.com/security/cve/CVE-2022-3517  
https://access.redhat.com/security/cve/CVE-2022-25914  
https://access.redhat.com/security/cve/CVE-2022-37603  
https://access.redhat.com/security/cve/CVE-2022-42003  
https://access.redhat.com/security/cve/CVE-2022-42004  
https://access.redhat.com/security/cve/CVE-2022-42920  
https://access.redhat.com/security/updates/classification/#important  
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=migration.toolkit.runtimes&downloadType=distributions

6. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIVAwUBY9KrktzjgjWX9erEAQhAgQ//XBC9o9VYI+ndpTTSa0Xe8i7wf+gwsK5f  
cJV5aaxzrf+OXlNDX6TdRHXmUsiIsT8MkliiegKStsKr5ZeJeJ40l4AFytlMAL3D  
2WtkFIznUcnQfjy//HkEkR1TcMoun2jIoUOym4ILymQNdzEFkE9ALx8xtISWxvqY  
X+Ro97Iw9ecwfLu7OrdlKuLJhEOBK/tCqPY5DGEkc8egxELfWmCIDY+/VFrPui/C  
HtI4+rOcRGTW6eS7zjNBcovsEAzh0+uw6pdRLklGpEbRxYWy7rrfL5a6k1xuVb7q  
UGiUocfVzjM8fGOmifnG8cQrTO16w+EbNa5gtk4j7XJdYFI1B3mdfuYkz7EOd6tY  
FkflesNFmEsR2BjGOYchkxNNTSXjLjDzfzaoqUeCFU8gWNaRkwtUL8dKOgLwVrok  
cAH7AqYJ9pBCVDYFpB2vz9EW6cUDvYkkki8WckEDjG7Y0b66fmzous8qz9xIsCoN  
0PJRM1vSnrTNYq1p/DWq0bHY4cQJ+yIIcDVzOdAblsGStk9TLaNcklpnyc5TNmYL  
hp8+3keJ7LXRHInNn9ev+4askstdUNCvUymfZY/GxAAXUlr0inPOGEnNZB35d1n4  
iok2xXLiCJQpfiUYaT3Ch2NiJ/0xz5miDchjWpWRKmeqXJyvUtaiF5cDlci8NvzJ  
AwLDrG6Ja/g=  
=Quha  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-0471-01

Discourse is an open source platform for community discussion. Versions prior to 3.1.0.beta1 (beta) (tests-passed) are vulnerable to Allocation of Resources Without Limits. Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally, an unlimited number of drafts were loaded when loading the user. This issue has been patched in version 2.1.0.beta1 (beta) and (tests-passed). Users should upgrade to the latest version where a limit has been introduced. There are no workarounds available.

**Package**

Discourse - chat (Discourse)

**Affected versions**

beta >= 3.1.0.beta1; tests-passed >= 3.1.0.beta1

**Patched versions**

beta >= 3.1.0.beta1; tests-passed >= 3.1.0.beta1

**Description**

**Impact**

Users can create chat drafts of an unlimited length, which can cause a denial of service by generating an excessive load on the server. Additionally an unlimited number of drafts were loaded when loading the user.

**Patches**

Users should upgrade to the latest version where a limit has been introduced.

**Workarounds**

No workarounds available.

CVE-2023-22740: Chat drafts should have a maximum character limit and the number of loaded drafts should be limited

### Impact
version 1.5.0 and 1.6.0 when using the new `debug-host` feature could expose unnecessary information about the host

### Patches
Use 1.6.1 or newer

### Workarounds
Downgrade to 1.4.0 or set `debug-host` to empty

### References
https://github.com/fortio/proxy/pull/38

Q&A https://github.com/fortio/proxy/discussions

**Initial debug-host handler implementation could leak information and facilitate denial of service**

Moderate severity GitHub Reviewed Published Jan 27, 2023 in fortio/proxy • Updated Jan 27, 2023

GHSA-x477-fq37-q5wr: Initial debug-host handler implementation could leak information and facilitate denial of service

Highlighting continued attacks on game developers, attackers stole source code from and issued a ransom demand to the maker of League of Legends.

Cyberattackers have compromised and demanded a ransom from Riot Games, the developer behind the popular League of Legends game, in the latest attack to target video-game makers.

In a series of posts on Twitter, Riot Games acknowledged the breach this week and confirmed that the attackers had exfiltrated source code for the League of Legends (aka LoL) and Teamfight Tactics (TFT) games, as well as source code for an older anti-cheat platform. The attackers issued a ransom demand for $10 million, threatening to otherwise release the source code.

The attack disrupted Riot Games' development environment but appears to have failed to compromise player data, the company stated.

"We've made a lot of progress since last week and we believe we’ll have things repaired later in the week, which will allow us to remain on our regular patch cadence going forward," the company said on Twitter. "The League and TFT teams will update you soon on what this means for each game."

Riot Games joins other major video-game makers as a victim of online attackers. In September, Take Two Interactive's Rockstar Games — the maker of Grand Theft Auto — acknowledged that an unknown third party had compromised its network and gained access to videos and files for its coming Grand Theft Auto 6. And in 2021, cybercriminals used social engineering to gain access to the Slack channel for developers at Electronic Arts, giving them access to source code for the company's FIFA 21 and Battlefield franchises.

More recently, Rockstar Games has scrambled over the past week to deal with hackers exploiting vulnerabilities in the PC version of its Grand Theft Auto Online.

Industry analysts estimate that more than half of the US population plays games, with games on mobile devices about twice as popular as those on PCs or consoles. And attackers go where the people are, Tonia Dudley, CISO at Cofense, said in a statement to Dark Reading.

"In recent years, the gaming sector has become an increasingly popular target for cybercriminals," she said. "As investments in everything from e-sports to video games have increased, cyberattacks — particularly distributed denial-of-service (DDoS) attacks — have skyrocketed."

**Cyberattackers Playing Games**

Part of the reason that attackers focus on video-game makers is the large overlap between gamer and hacker interests. For instance, some are driven by a desire to find cheats to gain an advantage in online play. 

Attacks targeting online gamers typically make up a plurality of DDoS attacks detected each year and accounted for 46% of all attacks in 2020.

Cybercriminals also often target game makers that, arguably, have alienated their fan bases. In February 2021, for example, hackers targeted CD Projekt Red — the maker of the Witcher and Cyberpunk 2077 video games — because they were angry with the buggy state of the Cyberpunk 2077 game.

Yet games also make good platforms to distribute malware. Pirated games are often a vector for opportunistic malware. With most games connected to, and downloading data from, the Internet, games and their online services make ideal vectors of attack, says Boris Larin, lead security researcher at Kaspersky’s Global Research and Analysis Team.

"\[T\]hey have compromised a victim's build environments to conduct supply chain attacks, \[which\] could be considered as a very effective strategy for infection of a large number of PCs with a single attack," he says. "Massive multiplayer online (MMO) games have large user bases, and those users expect to receive automatic updates, so if attackers Trojanize a game update, a very large portion of players will be infected all at once."

**No Pay to Play**

Riot Games' response to the attack highlights another trend in the industry: Victims of ransomware attacks are refusing to pay. Last week, digital currency trackers estimated that ransomware revenues fell nearly 40% to nearly $460 million, with the average attack returning less in revenue per transaction.

The cybercriminals behind the attack on Riot Games demanded $10 million to not release the company's source code, according to an article in Motherboard.

Riot Games had a simple response.

"Today, we received a ransom email," the company stated in its post to Twitter. "Needless to say, we won't pay."

Riot Games handled the notification aspect of the breach very well, laying everything out to its customers, noting that personal information was likely not compromised, and detailing what code had been stolen, according to Kaspersky's Larin.

"We think that Riot Games did the right thing choosing not to pay," he says. "If you become a victim, never pay the ransom. \[Paying\] will not guarantee you get your data back nor that it will not be leaked online, but it will encourage criminals to continue their business."

Riot Games plans to release a full report on the incident to the public, "detailing the attackers' techniques, the areas where Riot's security controls failed, and the steps we’re taking to ensure this doesn’t happen again," the company stated.

Riot Games Latest Video-Game Maker to Suffer Breach

A use-after-free flaw was found in io_uring/filetable.c in io_install_fixed_file in the io_uring subcomponent in the Linux Kernel during call cleanup. This flaw may lead to a denial of service.

'2163723?cve=title' is not a valid bug number nor an alias to a bug.

Please press **Back** and try again.

CVE-2023-0469: Invalid Bug ID

TIPC dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

CVE-2023-0412: Fuzz job crash output: fuzz-2022-12-30-11007.pcap (#18770) · Issues · Wireshark Foundation / wireshark · GitLab

iSCSI dissector crash in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

Skip to content

Open Issue created Jan 11, 2023 by **A Wireshark GitLab Utility@ws-gitlab-utility**Developer

**Fuzz job crash output: fuzz-2023-01-11-10954.pcap**

Problems have been found with the following capture file:

https://www.wireshark.org/download/automated/captures/fuzz-2023-01-11-10954.pcap.gz

stderr:

    Branch: master
    Input file: /var/menagerie/menagerie/13649-hwiscsi.ipv4.rw=read.bs=4k.oio=1.57711.1500.c=10K.pcap.gz
    CI job name: ASan Menagerie Fuzz, ID: 3584468798
    CI job URL: https://gitlab.com/wireshark/wireshark/-/jobs/3584468798
    Return value: 0
    Dissector bug: 0
    Date and time: Wed Jan 11 11:28:33 UTC 2023
    
    Commits in the last 48 hours:
    313fed6d dftest: Add --types option
    70e006fc dftest: Revert to using "->"
    8a4f22be ALP: fix issue #18795 (memory management issues)
    5e3dba3d NAS 5GS: upgrade dissector to v17.9.0
    42f7ee88 LLS: fix msvc warning: possible loss of data
    60912dae LLS: add dissector for ATSC3 Low Level Signalling (LLS) Protocol
    3c9662b1 note that tvb_child_uncompress attaches to parent
    8bf01503 note to use the tvb_child_uncompress* alternative
    95a16270 note need to free return in uncompress functions
    988d4585 ipsec: fix comment
    005ea28d sip: fix leak in uncompress
    0150297d rtps: fix leak in uncompress
    01fda90a mcpe: fix leak in uncompress
    39ee45a0 multipart: fix leak in uncompress
    8461440f gelf: fix leak in uncompress
    f7290f2c mysql: fix leak in uncompress
    e80b2ab5 ALP: add decoders for Link Mapping Table (LMT) and Sony header extensions
    1fc51673 mako: Updated Metamako trailer dissection
    4d38cf9e FAQ: Fix some markup
    56deed1c GTPv2: correction of IE MM Context EPS QQ
    
    Build host information:
    Linux 5.15.0-56-generic #62-Ubuntu SMP Tue Nov 22 19:54:14 UTC 2022 x86_64
    Distributor ID:	Ubuntu
    Description:	Ubuntu 22.04.1 LTS
    Release:	22.04
    Codename:	jammy
    
    Command and args: /builds/wireshark/wireshark/_install/bin/tshark -2 --log-fatal-domains=UTF-8  -nr
    Running as user "root" and group "root". This could be dangerous.
    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==65913==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7efec227e97d bp 0x7ffe75a38c90 sp 0x7ffe75a38448 T0)
    ==65913==The signal is caused by a READ memory access.
    ==65913==Hint: address points to the zero page.
        #0 0x7efec227e97d  (/lib/x86_64-linux-gnu/libc.so.6+0x19d97d) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
        #1 0x55b2713b3739 in strlen (/builds/wireshark/wireshark/_install/bin/tshark+0x64739) (BuildId: 31a56ee39b1468ac12e53d09938420b6de663800)
        #2 0x7efecd2c0d92 in ws_label_strcpy /builds/wireshark/wireshark/epan/strutil.c:821:15
        #3 0x7efecd2c1f77 in ws_label_strcat /builds/wireshark/wireshark/epan/strutil.c:944:12
        #4 0x7efecd164fd3 in col_do_append_str /builds/wireshark/wireshark/epan/column-utils.c:888:14
        #5 0x7efecd16492e in col_append_str /builds/wireshark/wireshark/epan/column-utils.c:899:3
        #6 0x7efecada96d8 in dissect_iscsi_pdu /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:866:9
        #7 0x7efecadad465 in dissect_iscsi_pdu /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:1558:9
        #8 0x7efecada7a79 in dissect_iscsi /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:2503:9
        #9 0x7efecada52fa in dissect_iscsi_handle /builds/wireshark/wireshark/epan/dissectors/packet-iscsi.c:2521:12
        #10 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
        #11 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
        #12 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
        #13 0x7efecd17922e in try_conversation_call_dissector_helper /builds/wireshark/wireshark/epan/conversation.c:1579:11
        #14 0x7efecd178caa in try_conversation_dissector /builds/wireshark/wireshark/epan/conversation.c:1613:13
        #15 0x7efecbabb18c in decode_tcp_ports /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:7200:9
        #16 0x7efecbac40e3 in process_tcp_payload /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:7364:13
        #17 0x7efecbac1334 in desegment_tcp /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:4345:9
        #18 0x7efecbabda31 in dissect_tcp_payload /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:7437:9
        #19 0x7efecbad1ef7 in dissect_tcp /builds/wireshark/wireshark/epan/dissectors/packet-tcp.c:8504:17
        #20 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
        #21 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
        #22 0x7efecd1bed73 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1526:8
        #23 0x7efecad2060e in ip_try_dissect /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:1822:7
        #24 0x7efecad259e5 in dissect_ip_v4 /builds/wireshark/wireshark/epan/dissectors/packet-ip.c:2328:10
        #25 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
        #26 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
        #27 0x7efecd1bed73 in dissector_try_uint_new /builds/wireshark/wireshark/epan/packet.c:1526:8
        #28 0x7efecd1bf7f2 in dissector_try_uint /builds/wireshark/wireshark/epan/packet.c:1550:9
        #29 0x7efeca8d6ac3 in dissect_ethertype /builds/wireshark/wireshark/epan/dissectors/packet-ethertype.c:296:21
        #30 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
        #31 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
        #32 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
        #33 0x7efecd1bb804 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3416:8
        #34 0x7efeca8d3703 in dissect_eth_common /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:596:5
        #35 0x7efeca8d2257 in dissect_eth /builds/wireshark/wireshark/epan/dissectors/packet-eth.c:902:5
        #36 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
        #37 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
        #38 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
        #39 0x7efeca975249 in dissect_frame /builds/wireshark/wireshark/epan/dissectors/packet-frame.c:1018:6
        #40 0x7efecd1ca3da in call_dissector_through_handle /builds/wireshark/wireshark/epan/packet.c:822:9
        #41 0x7efecd1bf435 in call_dissector_work /builds/wireshark/wireshark/epan/packet.c:920:9
        #42 0x7efecd1c70a0 in call_dissector_only /builds/wireshark/wireshark/epan/packet.c:3403:8
        #43 0x7efecd1bb804 in call_dissector_with_data /builds/wireshark/wireshark/epan/packet.c:3416:8
        #44 0x7efecd1bafea in dissect_record /builds/wireshark/wireshark/epan/packet.c:626:3
        #45 0x7efecd18dc18 in epan_dissect_run_with_taps /builds/wireshark/wireshark/epan/epan.c:638:2
        #46 0x55b271487615 in process_packet_second_pass /builds/wireshark/wireshark/tshark.c:3273:9
        #47 0x55b271485699 in process_cap_file_second_pass /builds/wireshark/wireshark/tshark.c:3417:13
        #48 0x55b27147fc79 in process_cap_file /builds/wireshark/wireshark/tshark.c:3721:34
        #49 0x55b271479418 in main /builds/wireshark/wireshark/tshark.c:2252:22
        #50 0x7efec210ad8f  (/lib/x86_64-linux-gnu/libc.so.6+0x29d8f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
        #51 0x7efec210ae3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x29e3f) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d)
        #52 0x55b27139c6c4 in _start (/builds/wireshark/wireshark/_install/bin/tshark+0x4d6c4) (BuildId: 31a56ee39b1468ac12e53d09938420b6de663800)
    
    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/libc.so.6+0x19d97d) (BuildId: 69389d485a9793dbe873f0ea2c93e02efaa9aa3d) 
    ==65913==ABORTING
    
    fuzz-test.sh stderr:
    Running as user "root" and group "root". This could be dangerous.

_no debug trace_

CVE-2023-0415: Fuzz job crash output: fuzz-2023-01-11-10954.pcap (#18796) · Issues · Wireshark Foundation / wireshark · GitLab

Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

wnpa-sec-2023-02 · NFS dissector memory leak

**Summary**

**Name:** NFS dissector memory leak

**Docid:** wnpa-sec-2023-02

**Date:** January 18, 2023

**Affected versions:** 4.0.0 to 4.0.2, 3.6.0 to 3.6.10

**Fixed versions:** 4.0.3, 3.6.11

**References:**  
Wireshark issue 18628

**Details****Description**

The NFS dissector could leak memory.

**Impact**

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

**Resolution**

Upgrade to Wireshark 4.0.3, 3.6.11 or later.

CVE-2023-0417: Wireshark · wnpa-sec-2023-02 · NFS dissector memory leak

Crash in the EAP dissector in Wireshark 4.0.0 to 4.0.2 allows denial of service via packet injection or crafted capture file

wnpa-sec-2023-01 · EAP dissector crash

**Summary**

**Name:** EAP dissector crash

**Docid:** wnpa-sec-2023-01

**Date:** January 18, 2023

**Affected versions:** 4.0.0 to 4.0.2

**Fixed versions:** 4.0.3

**References:**  
Wireshark issue 18622

**Details****Description**

The EAP dissector could crash.

**Impact**

It may be possible to make Wireshark crash by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

**Resolution**

Upgrade to Wireshark 4.0.3 or later.

CVE-2023-0414: Wireshark · wnpa-sec-2023-01 · EAP dissector crash

Excessive loops in multiple dissectors in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file

wnpa-sec-2023-06 · Multiple dissector excessive loops

**Summary**

**Name:** Multiple dissector excessive loops

**Docid:** wnpa-sec-2023-06

**Date:** January 18, 2023

**Affected versions:** 4.0.0 to 4.0.2, 3.6.0 to 3.6.10

**Fixed versions:** 4.0.3, 3.6.11

**References:**  
Wireshark issue 18711  
Wireshark issue 18720  
Wireshark issue 18737

**Details****Description**

The BPv6, NCP, and RTPS dissectors could loop excessively.

**Impact**

It may be possible to make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file.

**Resolution**

Upgrade to Wireshark 4.0.3, 3.6.11 or later.

Tag

#dos