
Bug 625474 (CVE-2017-9616, CVE-2017-9617, CVE-2017-9766)

Summary: <net-analyzer/wireshark-2.2.7: Multiple Vulnerabilities (CVE-2017-{9616,9617,9766})
Product: Gentoo Security
Reporter: Volkan <vBugZilla>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: glsamaker, netmon
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: ---
Bug Depends on: 629370, 635686    
Bug Blocks:    

Description Volkan 2017-07-17 22:12:50 UTC

In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion
(uncontrolled recursion) in the dissect_daap_one_tag function in
epan/dissectors/packet-daap.c in the DAAP dissector.

Upstream issue:


In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion
(uncontrolled recursion) in the dissect_mp4_box function in

Upstream issue:

Comment 1 Volkan 2017-07-17 22:15:49 UTC

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows
attackers to cause a denial of service (stack exhaustion) in the
dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.

Upstream issue:

Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-19 00:27:02 UTC

*** Bug 634700 has been marked as a duplicate of this bug. ***

Comment 3 Michael Boyle 2018-04-22 02:11:12 UTC

There will be no GLSA. The tree is clean.

Michael Boyle
Gentoo Security Padawan
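
Added example, not part of the bug report and not Wireshark's code: the three dissector issues above share one bug class, recursion whose depth is set by the input. The sketch shows the usual defence, a nesting cap checked before each recursive call, on a constructed tag/length format; `MAX_NESTING`, the `cont` container tag and the function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define MAX_NESTING 16 /* hypothetical cap chosen for this example */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_DEEP = -2 };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
/* Items are [4-byte tag][4-byte big-endian length][payload]; tag "cont"
 * (constructed) marks a container whose payload is more items. */
static int parse_items(const uint8_t *buf, size_t len, unsigned depth,
                       unsigned *leaves) {
    if (depth > MAX_NESTING)
        return PARSE_TOO_DEEP; /* stop before the stack grows further */
    for (size_t off = 0; off < len;) {
        if (len - off < 8) return PARSE_TRUNCATED;
        uint32_t plen = be32(buf + off + 4);
        if (plen > len - off - 8)
            return PARSE_TRUNCATED; /* length field overruns the buffer */
        if (memcmp(buf + off, "cont", 4) == 0) {
            int rc = parse_items(buf + off + 8, plen, depth + 1, leaves);
            if (rc != PARSE_OK) return rc;
        } else {
            (*leaves)++;
        }
        off += 8 + (size_t)plen;
    }
    return PARSE_OK;
}
/* Constructed input: `levels` nested containers around one empty leaf. */
static size_t build_nested(uint8_t *out, size_t cap, unsigned levels) {
    size_t total = 8 * ((size_t)levels + 1);
    if (total > cap) return 0;
    for (unsigned i = 0; i <= levels; i++) {
        uint32_t plen = (uint32_t)(total - 8 * ((size_t)i + 1));
        uint8_t *p = out + 8 * (size_t)i;
        memcpy(p, i < levels ? "cont" : "leaf", 4);
        p[4] = (uint8_t)(plen >> 24); p[5] = (uint8_t)(plen >> 16);
        p[6] = (uint8_t)(plen >> 8);  p[7] = (uint8_t)plen;
    }
    return total;
}
int main(void) {
    uint8_t buf[8 * 1025]; unsigned n = 0;
    size_t len = build_nested(buf, sizeof buf, 1024);
    return parse_items(buf, len, 0, &n) == PARSE_TOO_DEEP ? 0 : 1;
}
```

Without the depth check, each nested container costs one stack frame, so the nesting an input can force is bounded only by the packet size.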