CVE-2024-2397

2024-04-1214:15:07

Google

osv.dev

bug

ppp printer

tcpdump

infinite loop

crafted dlt_ppp_serial

pcap savefile

software

data buffers

management

cve-2024-2397

6.2 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0004 Low

EPSS

Percentile

15.7%

JSON

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.

CPENameOperatorVersion
tcpdumpeqtcpdump-3.5.1
tcpdumpeqtcpdump-4.5.0
tcpdumpeqtcpdump-3.7.1
tcpdumpeqtcpdump-4.9.0-bp
tcpdumpeqtcpdump-4.99.0-bp
tcpdumpeqtcpdump-4.6.0-bp
tcpdumpeqtcpdump-4.99-bp
tcpdumpeqtcpdump-3.8-bp
tcpdumpeqtcpdump-3.6.1
tcpdumpeqtcpdump-4.7.0-bp

Name	Operator	Version
tcpdump	eq	tcpdump-3.5.1
tcpdump	eq	tcpdump-4.5.0
tcpdump	eq	tcpdump-3.7.1
tcpdump	eq	tcpdump-4.9.0-bp
tcpdump	eq	tcpdump-4.99.0-bp
tcpdump	eq	tcpdump-4.6.0-bp
tcpdump	eq	tcpdump-4.99-bp
tcpdump	eq	tcpdump-3.8-bp
tcpdump	eq	tcpdump-3.6.1
tcpdump	eq	tcpdump-4.7.0-bp