Infinite Loop Vulnerability in Gryphon Dissector in Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10

Infinite Loop Vulnerability in Gryphon Dissector in Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10

CVE-2019-16319 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

In Wireshark 3.0.0 to 3.0.3 and 2.6.0 to 2.6.10, the Gryphon dissector could go into an infinite loop. This was addressed in plugins/epan/gryphon/packet-gryphon.c by checking for a message length of zero.

Learn more about our Web Application Penetration Testing UK.