Vigil@nce - Wireshark: denial of service via RTP
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a special RTP session, in order to trigger a
denial of service of Wireshark.
Impacted products: Fedora, Wireshark
Severity: 1/4
Creation date: 23/04/2014
DESCRIPTION OF THE VULNERABILITY
The Wireshark program captures and displays network packets.
Protocols are decoded by dissectors.
However, the RTP dissector does not manage the case where two
conversations are identical, which triggers a fatal error in the
g_hash_table_lookup() function.
An attacker can therefore use a special RTP session, in order to
trigger a denial of service of Wireshark.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Wireshark-denial-of-service-via-RTP-14629