Lucene search

[email protected]NVD:CVE-2024-8006

HistoryAug 31, 2024 - 12:15 a.m.

CVE-2024-8006

2024-08-3100:15:05

CWE-476

[email protected]

web.nvd.nist.gov

libpcap

remote packet capture

null pointer dereference

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.5%

JSON

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.

Affected configurations

Nvd

Node

tcpdumplibpcapRange<1.10.5

VendorProductVersionCPE
tcpdumplibpcap*cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
tcpdump	libpcap	*	cpe:2.3:a:tcpdump:libpcap::::::::

References

github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29

github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

9.5%

JSON

Related for NVD:CVE-2024-8006

debiancve1 osv4 vulnrichment1 ubuntucve1 cvelist1 cve1 redhatcve1 alpinelinux1 redos1 slackware1 openvas2 nessus3 mageia1