Wireshark iLBC Audio Codec Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in Wireshark versions 4.6.0 through 4.6.4 and 4.4.0 through 4.4.14. The issue lies in the iLBC audio codec decoder, which can crash the application through a heap buffer overflow. The overflow is triggered when the decoder processes multiple frames of iLBC audio in one pass and writes more decoded data into an output buffer than the buffer can safely hold.
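The bug class described above is a multi-frame decode loop that keeps appending samples without checking the remaining capacity of its output buffer. The following is an added illustration written for this page, not Wireshark's or the iLBC codec's own code: a hypothetical model in which each frame yields a fixed number of PCM samples (the 240 samples per frame and the two-frame output capacity are assumed values), with the per-frame capacity check that prevents the overflow. The unchecked variant differs only in omitting that check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* Hypothetical model of a multi-frame narrowband decode step (not Wireshark's
 * iLBC implementation). Each decoded frame yields a fixed number of 16-bit
 * PCM samples; both constants below are assumed for the example. */
#define SAMPLES_PER_FRAME    240   /* assumed: one 30 ms frame at 8 kHz */
#define OUT_CAPACITY_SAMPLES 480   /* assumed: output buffer sized for 2 frames */

typedef struct {
    int16_t samples[OUT_CAPACITY_SAMPLES];
    size_t  used;                  /* samples written so far */
} pcm_out_t;

void pcm_out_reset(pcm_out_t *out) {
    memset(out, 0, sizeof(*out));
}

/* Stand-in for a real per-frame decoder: fills dst with a pattern derived
 * from the frame index so callers can verify where each frame landed. */
static void decode_one_frame(int frame_idx, int16_t *dst) {
    for (size_t i = 0; i < SAMPLES_PER_FRAME; i++)
        dst[i] = (int16_t)(frame_idx * 1000 + (int)i);
}

/* Bounded accumulation. Before decoding each frame, verify that the remaining
 * capacity holds a whole frame; otherwise stop and report truncation instead
 * of writing past the end of out->samples. Returns the number of frames
 * decoded. The advisory's bug shape is this same loop with the check removed:
 * every frame is decoded into out->samples + out->used regardless of space. */
size_t decode_frames_bounded(int frame_count, pcm_out_t *out, bool *truncated) {
    *truncated = false;
    size_t decoded = 0;
    for (int f = 0; f < frame_count; f++) {
        if (OUT_CAPACITY_SAMPLES - out->used < SAMPLES_PER_FRAME) {
            *truncated = true;     /* refuse the frame rather than overflow */
            break;
        }
        decode_one_frame(f, out->samples + out->used);
        out->used += SAMPLES_PER_FRAME;
        decoded++;
    }
    return decoded;
}
```

The check compares remaining capacity against a whole frame before each write, so a packet carrying more frames than the buffer was sized for is truncated and flagged rather than corrupting the heap; a caller can then either grow the buffer or drop the packet.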

Impact

Exploitation of this vulnerability causes a heap buffer overflow that crashes the application. Heap overflows of this kind can, under certain conditions, be leveraged to execute arbitrary code, so the impact may exceed a simple crash.

Reproduction

The vulnerability can be reproduced by loading a specially crafted pcap file containing multi-frame iLBC RTP packets into Wireshark. This should be done with a build of Wireshark compiled with AddressSanitizer, which detects the heap buffer overflow and reports it. The iLBC codec must be selected in the RTP player, since the vulnerability is only reached when that codec decodes the stream.

Remediation

Users should upgrade to Wireshark version 4.6.5 or 4.4.15, where this vulnerability has been fixed.

Added: Apr 30, 2026, 7:39 AM
Updated: Apr 30, 2026, 7:39 AM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          7.8
impact          1.3
exploitability  5.6
remediation     7.7
relevance       7.1
threat          6.4
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.