Computer Security Incident Response Team of Mauritius (CERT-MU)

VN-2017-87


Wireshark MP4/DAAP Dissector Bugs Let Remote Users Consume Excessive Memory Resources
Severity Rating: Medium
Systems Affected:
  • Wireshark version 2.2.7
Description
Two vulnerabilities have been identified in Wireshark that remote attackers can exploit to consume excessive memory on the target system.
 
  • A remote user can create specially crafted MP4 data that, when processed by the target application, will trigger an error in the dissect_mp4_box() function in 'epan/dissectors/file-mp4.c' and consume excessive memory on the target system.
  • A remote user can create specially crafted DAAP data that, when processed by the target application, will trigger an error in the dissect_daap_one_tag() function in 'epan/dissectors/packet-daap.c' and consume excessive memory on the target system.
 
Solution
Users are advised to apply updates.
More information is available on:
 
CVE Information
 
Vendor Information
Wireshark
 
References
Security Tracker
 
Wireshark
 
Contact Information
 
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis