KLA10961
Denial of service vulnerability in Wireshark

An infinite loop and memory exhaustion vulnerability was found in Wireshark versions 2.2.4 and earlier. By exploiting this vulnerability malicious users can possibly cause a denial of service. This vulnerability can be exploited remotely via a specially designed or malformed STANAG 4607 capture.

Technical details

The issue is related to a packet with null field of the packet size in the packet header. In this case, the offset to read from will not advance. Contininuous attempts to read the same zero-length packet will soon exhaust all system memory.

Wireshark 2.0.0 to 2.0.10
Wireshark 2.2.0 to 2.2.4 

Update to the latest version
Download Wireshark