## Summary The BTSDP dissector could go into an infinite loop. It can make Wireshark consume excessive CPU resources by injecting a malformed packet onto the wire or by convincing someone to read a malformed packet trace file. ## Sample capture file I put the POC pcap file in the attachment. [loop-poc.pcap](/uploads/efd2d668983078d88f797a4664e3f52b/loop-poc.pcap) ## Steps to reproduce method1: Run the following command: ``` tshark -r loop-poc.pcap ``` method2: Drag the file to the Wireshark on the GUI. ## What is the current bug behavior? The Wireshark is in an infinite loop, and the CPU usage remains 100%. ## Technical Details I tried to analyze the cause of the problem and found that the infinite loop appeared in dissect_sdp_type(). When the following code snippet was executed, the program repeatedly entered this loop or entered recursion, causing the Wireshark DoS. ```c while (bytes_to_go > 0) { if (!first) { wmem_strbuf_append(info_buf, ", "); } else { first = 0; } size = dissect_sdp_type(st, pinfo, tvb, offset, attribute, service_uuid, service_did_vendor_id, service_did_vendor_id_source, service_hdp_data_exchange_specification, service_info, &substr); if (size < 1) { break; } wmem_strbuf_append_printf(info_buf, "%s ", wmem_strbuf_get_str(substr)); offset += size ; bytes_to_go -= size; } wmem_strbuf_append(info_buf, "} "); break; ``` I'd like to request a CVE ID for this vulnerability. Thank you!