CVE-2017-9616 — Uncontrolled Recursion in Wireshark

CWE-674 — Uncontrolled Recursion7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 55.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 14

Latest updateMay 13

Description

In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrolled recursion) in the dissect_mp4_box function in epan/dissectors/file-mp4.c.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.4.0-1 (bookworm)

▶Debianwireshark/wireshark< 2.4.0-1+3

▶NVDwireshark/wireshark2.2.7

🔴Vulnerability Details

GHSA

GHSA-w848-9v8p-7jfr: In Wireshark 2↗2022-05-13

▶

OSV

CVE-2017-9616: In Wireshark 2↗2017-06-14

▶

📋Vendor Advisories

Red Hat

wireshark: Overly deep mp4 chunks may cause stack exhaustion↗2017-06-08

▶

Debian

CVE-2017-9616: wireshark - In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion (uncontrol...↗2017

▶

💬Community

Bugzilla

CVE-2017-9616 CVE-2017-9617 CVE-2017-9766 wireshark: various flaws [fedora-all]↗2017-06-22

▶

Bugzilla

CVE-2017-9616 wireshark: Overly deep mp4 chunks may cause stack exhaustion↗2017-06-22

▶