Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Wireshark, a widely used network protocol analyzer, is vulnerable to a denial-of-service (DoS) condition. A crafted packet or capture file that reaches the Sysdig Event dissector can trigger a crash, rendering the application unusable. The vulnerability can be triggered by injecting malicious packets into a network that Wireshark is capturing, or by getting a user to open a crafted capture file.
Step 1: Payload Delivery: An attacker crafts a malicious Sysdig event packet or creates a capture file (.pcap or .pcapng) containing such a packet.
Step 2: Packet Injection/File Opening: The attacker either injects the crafted packet into a network monitored by Wireshark or convinces a user to open the malicious capture file.
Step 3: Dissector Trigger: Wireshark's Sysdig Event dissector attempts to parse the malicious packet.
Step 4: Vulnerability Exploitation: The crafted packet triggers the vulnerability within the Sysdig Event dissector, leading to a crash.
Step 5: Denial of Service: Wireshark crashes, making it unavailable for network analysis until restarted.
The vulnerability lies within Wireshark's Sysdig Event dissector. The dissector, responsible for parsing and interpreting Sysdig event data, contains a flaw that causes a crash when it processes malformed or crafted Sysdig event packets. The root cause is likely improper handling of input data in the dissector's parsing logic, potentially a buffer overflow, integer overflow, or other memory corruption issue. The specific function or logic flaw is not identified in the available information; the description only establishes that mishandling of Sysdig event data in the dissector leads to a crash and therefore to a DoS.
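Added example (not code from the advisory or from the Wireshark project): a Python check that classifies a Wireshark or TShark version banner against the affected ranges the advisory lists (3.6.0, and 3.4.0 through 3.4.10). The `--version` banner layout and the `wireshark`/`tshark` command names are assumptions; the version ranges are the page's.

```python
import re
import subprocess

# Affected ranges as stated in the advisory, inclusive, as (low, high) tuples.
AFFECTED_RANGES = (
    ((3, 6, 0), (3, 6, 0)),
    ((3, 4, 0), (3, 4, 10)),
)

VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Extract the first x.y.z version from a banner line and return it as a tuple
    of ints, or None if no version is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_affected(version):
    """True if a (major, minor, patch) tuple falls inside an affected range.
    Integer tuples avoid the lexical trap where the string '3.4.10' sorts
    before '3.4.9' and would be misclassified by a plain string comparison."""
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)


def check_version_output(output):
    """Classify a --version banner: 'affected', 'not in affected range', or 'unknown'."""
    v = parse_version(output)
    if v is None:
        return "unknown"
    return "affected" if is_affected(v) else "not in affected range"


def check_installed(cmd="tshark"):
    """Run `<cmd> --version` on this host (assumed banner format) and classify it.
    Returns 'unknown' if the binary is missing or the banner cannot be parsed."""
    try:
        out = subprocess.run([cmd, "--version"], capture_output=True, text=True)
    except FileNotFoundError:
        return "unknown"
    return check_version_output(out.stdout.splitlines()[0] if out.stdout else "")


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    for banner in ["Wireshark 3.4.10 (Git v3.4.10 packaged as 3.4.10-1)",
                   "TShark (Wireshark) 3.6.0 (Git v3.6.0 packaged as 3.6.0-1)",
                   "Wireshark 3.4.11 (Git v3.4.11 packaged as 3.4.11-1)"]:
        print(f"{banner!r}: {check_version_output(banner)}")
```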