Wireshark UDS DDDI Parser Denial of Service Vulnerability Summary

Vulnerability Overview

Vulnerability Name: Infinite Loop in UDS DDDI Dissector results in Denial of Service
CVE Number: CWE-835 (Loop with Unreachable Exit Condition)
CVSS 3.1 Score: 4.3 Medium (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)
Impact: Denial of Service (application hangs, 100% CPU usage on the parsing thread)
Reporter: Jaime Cavero
Creator: John Thacker
Status: Done

Scope of Impact

Affected Versions: Wireshark 4.7.0 (development branch, commit c79fa68e)
Vulnerable Code Path:
Function:
Code Path:
Trigger Condition: A malformed UDS service 0x2C (DynamicallyDefineDataIdentifier) request frame with sub-function 0x02 (defineByMemoryAddress) causes an infinite loop.

Remediation

Fix Status: Done
Fix Code:
Fix Description: Avoids the infinite loop by correctly parsing the byte.

Additional Information

Participants: 4 people
Time Tracking: No estimated or spent time
Iteration: None
Milestone: None
Weight: None
Parent: None
Labels: None
Assigned To: None
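
For the trigger condition and fix description above, an added example (not Wireshark's code and not taken from the fix) of a bounds-checked walk over a 0x2C/0x02 request whose loop always advances. It assumes the ISO 14229-1 layout of SID, sub-function, 2-byte dynamic DID, addressAndLengthFormatIdentifier, then address/size records. The summary does not say which byte was mis-parsed, and the function name, error codes and sample frames are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Error codes and function name are this example's own, not Wireshark's. */
enum { DDDI_NOT_DDDI = -1, DDDI_TRUNCATED = -2, DDDI_BAD_FORMAT = -3 };

/*
 * Count memoryAddress/memorySize records in a UDS 0x2C/0x02 request.
 * Assumed layout (ISO 14229-1): SID, sub-function, 2-byte dynamic DID,
 * addressAndLengthFormatIdentifier, then repeated address/size records.
 */
int dddi_count_records(const uint8_t *buf, size_t len)
{
    if (len < 5)
        return DDDI_TRUNCATED;
    /* Bit 7 of the sub-function byte is the suppress-response flag. */
    if (buf[0] != 0x2C || (buf[1] & 0x7F) != 0x02)
        return DDDI_NOT_DDDI;

    size_t size_len = buf[4] >> 4;   /* high nibble: bytes per memorySize */
    size_t addr_len = buf[4] & 0x0F; /* low nibble: bytes per memoryAddress */
    /* Zero-width fields are invalid, and a zero stride would never advance. */
    if (addr_len == 0 || size_len == 0)
        return DDDI_BAD_FORMAT;
    size_t stride = addr_len + size_len;

    int records = 0;
    for (size_t offset = 5; offset < len; offset += stride) {
        if (len - offset < stride)   /* partial trailing record */
            return DDDI_TRUNCATED;
        records++;
    }
    return records;
}

int main(void)
{
    /* Constructed frames: format 0x14 = 1-byte size, 4-byte address. */
    const uint8_t ok[] = { 0x2C, 0x02, 0xF3, 0x01, 0x14,
                           0x20, 0x00, 0x10, 0x00, 0x04,
                           0x20, 0x00, 0x10, 0x08, 0x02 };
    const uint8_t zero_fmt[] = { 0x2C, 0x02, 0xF3, 0x01, 0x00, 0xAA, 0xBB };
    printf("ok=%d zero_fmt=%d\n", dddi_count_records(ok, sizeof ok),
           dddi_count_records(zero_fmt, sizeof zero_fmt));
    return 0;
}
```

The same pattern applies to any dissector loop whose step size comes from the packet: validate the step before entering the loop, and treat a partial trailing record as malformed rather than continuing.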