CVE-2017-9617 — Uncontrolled Recursion in Wireshark

CWE-674 — Uncontrolled Recursion7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 55.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wireshark Debian Wireshark

Timeline

PublishedJun 14

Latest updateMay 13

Description

In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontrolled recursion) in the dissect_daap_one_tag function in epan/dissectors/packet-daap.c in the DAAP dissector.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/wireshark< wireshark 2.4.0-1 (bookworm)

▶Debianwireshark/wireshark< 2.4.0-1+3

▶NVDwireshark/wireshark2.2.7

Patches

Patch: bugs.wireshark.org ↗Patch: bugs.wireshark.org ↗

🔴Vulnerability Details

GHSA

GHSA-97wg-3gjr-5w5m: In Wireshark 2↗2022-05-13

▶

OSV

CVE-2017-9617: In Wireshark 2↗2017-06-14

▶

📋Vendor Advisories

Red Hat

wireshark: Deeply nested DAAP data may cause stack exhaustion↗2017-06-13

▶

Debian

CVE-2017-9617: wireshark - In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion (uncontro...↗2017

▶

💬Community

Bugzilla

CVE-2017-9617 wireshark: Deeply nested DAAP data may cause stack exhaustion↗2017-06-22

▶

Bugzilla

CVE-2017-9616 CVE-2017-9617 CVE-2017-9766 wireshark: various flaws [fedora-all]↗2017-06-22

▶