Linux Distros Unpatched Vulnerability : CVE-2023-7256

🗓️ 05 Mar 2025 00:00:00Reported by TenableType

Linux host has unpatched vulnerability CVE-2023-7256 in libpcap, causing potential memory issues.

Reporter	Title	Published	Views	Family All 88
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.1.1	30 Sep 202416:04	–	ibm
AlpineLinux	CVE-2023-7256	30 Aug 202423:44	–	alpinelinux
Apple	About the security content of tvOS 17	18 Sep 202300:00	–	apple
Apple	About the security content of macOS Sonoma 14	26 Sep 202300:00	–	apple
Apple	About the security content of watchOS 10	18 Sep 202300:00	–	apple
Apple	About the security content of iOS 17 and iPadOS 17	18 Sep 202300:00	–	apple
Apple	About the security content of iOS 16.6 and iPadOS 16.6	24 Jul 202300:00	–	apple
Tenable Nessus	Apple TV < 17 Multiple Vulnerabilities (HT213936)	3 Oct 202300:00	–	nessus
Tenable Nessus	Apple iOS < 16.6 Multiple Vulnerabilities (HT213841)	26 Jul 202300:00	–	nessus
Tenable Nessus	Apple iOS < 17 Multiple Vulnerabilities (HT213938)	29 Jan 202400:00	–	nessus

Source	Link
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-7256
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(228045);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/08/30");

  script_cve_id("CVE-2023-7256");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2023-7256");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - In affected libpcap versions during the setup of a remote packet capture the internal function
    sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the
    caller function whether freeaddrinfo() still remains to be called after the function returns. This makes
    it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same
    allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned
    CVE-2023-40400. (CVE-2023-7256)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2023-7256");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-7256");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:12.0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libpcap");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Debian Linux-11", "Host/OS/Debian Linux-12");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/Debian/dpkg-l"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Debian Linux-12": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "12",
        "pkgs": [
          {"reference": "libpcap-dev"},
          {"reference": "libpcap0.8"},
          {"reference": "libpcap0.8-dev"}
        ]
      }
    ]
  },
  "Debian Linux-11": {
    "package_manager": "dpkg-l",
    "constraints": [
      {
        "release": "11",
        "pkgs": [
          {"reference": "libpcap-dev"},
          {"reference": "libpcap0.8"},
          {"reference": "libpcap0.8-dbg"},
          {"reference": "libpcap0.8-dev"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

30 Aug 2025 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.19.8

EPSS0.01587

SSVC