Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 625474 (CVE-2017-9616, CVE-2017-9617, CVE-2017-9766) - <net-analyzer/wireshark-2.2.7: Multiple Vulnerabilities (CVE-2017-{9616,9617,9766})
Summary: <net-analyzer/wireshark-2.2.7: Multiple Vulnerabilities (CVE-2017-{9616,9617,...
Alias: CVE-2017-9616, CVE-2017-9617, CVE-2017-9766
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [noglsa cve]
: 634700 (view as bug list)
Depends on: CVE-2017-13765, CVE-2017-13766, CVE-2017-13767 635686
  Show dependency tree
Reported: 2017-07-17 22:12 UTC by Volkan
Modified: 2018-04-22 02:12 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Volkan 2017-07-17 22:12:50 UTC

In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion
(uncontrolled recursion) in the dissect_daap_one_tag function in
epan/dissectors/packet-daap.c in the DAAP dissector.

Upstream issue:


In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion
(uncontrolled recursion) in the dissect_mp4_box function in

Upstream issue:
Comment 1 Volkan 2017-07-17 22:15:49 UTC

In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows
attackers to cause a denial of service (stack exhaustion) in the
dissect_IODWriteReq function in plugins/profinet/packet-dcerpc-pn-io.c.

Upstream issue:
Comment 2 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-19 00:27:02 UTC
*** Bug 634700 has been marked as a duplicate of this bug. ***
Comment 3 Michael Boyle 2018-04-22 02:11:12 UTC
There will be no GLSA. The tree is clean.

Michael Boyle
Gentoo Security Padawan