DescriptionEugene Teo (Security Response)
2010-03-01 00:23:56 UTC
Description of problem:
Reported by Ang Way Chuang, Mauro Carvalho informed Red Hat about a security issue in the ULE decapsulation code.
ULE (Unidirectional Lightweight Encapsulation RFC 4326) decapsulation has a bug that causes endless loop when Payload Pointer of MPEG2-TS frame is 182 or 183. Anyone who sends malicious MPEG2-TS frame will cause the receiver of ULE SNDU to go into endless loop.
Acknowledgements:
Red Hat would like to thank Ang Way Chuang for reporting this issue.
Comment 2Eugene Teo (Security Response)
2010-03-01 15:35:12 UTC