Crash in the Gryphon dissector in Wireshark 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Wireshark, a widely used network protocol analyzer, is vulnerable to a denial-of-service (DoS) attack. A flaw in the Gryphon dissector allows attackers to crash the application by injecting malicious packets or providing a crafted capture file, rendering the tool unusable and potentially disrupting network analysis workflows. This vulnerability impacts versions 3.4.0 through 3.4.10 of Wireshark.
Step 1: Payload Delivery: The attacker crafts a malicious packet or a capture file (.pcap or .pcapng) containing a specially crafted Gryphon protocol payload.
Step 2: Packet Injection (if applicable): The attacker injects the malicious packet onto a network segment monitored by Wireshark.
Step 3: Capture File Loading: If the attack uses a capture file, the attacker provides the file to a user who opens it in Wireshark.
Step 4: Dissection Trigger: Wireshark's Gryphon dissector attempts to parse the malicious Gryphon data.
Step 5: Vulnerability Execution: The crafted data triggers the vulnerability within the Gryphon dissector, leading to a crash.
Step 6: Denial of Service: Wireshark crashes, preventing the user from analyzing network traffic and potentially disrupting network monitoring activities.
The vulnerability lies within the Gryphon dissector, the component responsible for parsing and interpreting Gryphon protocol traffic. The root cause is a flaw in how the dissector handles specific data structures or packet formats, likely an unhandled condition such as an unexpected length field or malformed data within a Gryphon packet. When Wireshark encounters this malformed data, it triggers an exception, leading to a crash. This could be due to an integer overflow, a buffer overflow, or an attempt to access memory outside of allocated bounds. The CVE description does not detail the specific function or logic flaw beyond its relation to the processing of Gryphon protocol data. The result is a DoS condition, as the application becomes unusable.
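To find installations in the affected range given above (3.4.0 through 3.4.10), the following added example, which is not part of the original advisory or of Wireshark, classifies version banners collected from hosts. The host names and banner strings are constructed sample data, and the function names are hypothetical.

```python
import re

# Affected range as stated on this page: 3.4.0 through 3.4.10 inclusive.
AFFECTED_MIN = (3, 4, 0)
AFFECTED_MAX = (3, 4, 10)

# Matches the first dotted triple in a banner such as
# "TShark (Wireshark) 3.4.8 (...)" or a bare version such as "3.4.10".
_VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)(?!\d)")


def parse_version(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    match = _VERSION_RE.search(banner)
    if match is None:
        return None
    return tuple(int(part) for part in match.groups())


def classify(banner):
    """Classify one banner as 'affected', 'not-affected' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # unparseable: review by hand, do not assume safe
    # Tuple comparison is numeric, so 3.4.10 sorts after 3.4.9
    # (a plain string comparison would get this wrong).
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return "affected"
    return "not-affected"


def audit(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {"affected": [], "not-affected": [], "unknown": []}
    for host, banner in inventory.items():
        report[classify(banner)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = {
    "analyst-01": "TShark (Wireshark) 3.4.10 (Git v3.4.10 packaged as 3.4.10-1)",
    "analyst-02": "Wireshark 3.4.9",
    "sensor-03": "TShark (Wireshark) 3.2.18",
    "sensor-04": "TShark (Wireshark) 3.6.0",
    "jump-05": "tshark: command not found",
}

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as unknown returned no parseable version and need a manual check before they are treated as unaffected.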