252 matches found
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/dataend/datameta syzbot reported a kernel crash due to commit 1f1e864b6555 "bpf: Handle sign-extenstin ctx member accesses". The reason is due to sign-extension of 32-bit...
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/dataend/datameta syzbot reported a kernel crash due to commit 1f1e864b6555 "bpf: Handle sign-extenstin ctx member accesses". The reason is due to sign-extension of 32-bit...
CVE-2024-47702
CVE-2024-47702 affects the Linux kernel BPF verifier. It exposes a sign-extension error when loading packet fields (__sk_buff->data/data_end/data_meta), where a 32‑bit sign extension can yield an invalid pointer if the value is treated as 64‑bit. The issue arises from how sign-extension intera...
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
In the Linux kernel, the following vulnerability has been resolved: bpf: Fail verification for sign-extension of packet data/dataend/datameta syzbot reported a kernel crash due to commit 1f1e864b6555 "bpf: Handle sign-extenstin ctx member accesses". The reason is due to sign-extension of 32-bit...
MGASA-2024-0177 Updated tcpdump packages fix security vulnerability
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. CVE-2024-2397...
Updated tcpdump packages fix security vulnerability
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. CVE-2024-2397...
Fedora 39 : tcpdump (2024-272860364f)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-272860364f advisory. Fix for CVE-2024-2397 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for...
PT-2024-40733 · Pcpp · Pcpp
Name of the Vulnerable Software and Affected Versions: pcpp affected versions not specified Description: The issue is related to a crash in the pcpp library, specifically in the pcpp::IPv6Layer destructor. The crash occurs due to a segmentation fault on an unknown address. Technical details about...
SUSE CVE-2024-26862
In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignoreoutgoing ignoreoutgoing is read locklessly from devqueuexmitnit and packetgetsockopt Add appropriate READONCE/WRITEONCE annotations. syzbot reported: BUG: KCSAN: data-race in devqueuexmitn...
CVE-2024-2397
The CVE-2024-2397 issue is a bug in tcpdump affecting the git master branch (2023-06-05 to 2024-03-21) where packet data buffers management can cause an infinite loop when parsing crafted DLT_PPP_SERIAL .pcap files in the PPP printer. The vulnerability is not reported as present in released tcpdu...
CVE-2024-2397 infinite loop in the PPP printer of tcpdump
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21...
CVE-2024-2397
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLTPPPSERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21...
CVE-2024-25731
The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...
Hardcoded credentials
The Elink Smart eSmartCam com.cn.dq.ipc application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data e.g., over Wi-Fi...
CVE-2023-33059
Memory corruption in Audio while processing the VOC packet data from ADSP...
CVE-2023-33059 Buffer Copy Without Checking Size of Input in Audio
Memory corruption in Audio while processing the VOC packet data from ADSP...
CVE-2023-33059 Buffer Copy Without Checking Size of Input in Audio
Memory corruption in Audio while processing the VOC packet data from ADSP...
CVE-2023-33031
CVE-2023-33031 describes a memory corruption vulnerability in Automotive Audio when copying data from the ADSP shared buffer to the VOC packet data buffer. The root cause is a missing or unsafe size check during a buffer copy, leading to memory corruption. Affected component is Automotive Audio (...
CVE-2023-33031 Buffer Copy Without Checking Size of Input in Automotive Audio
Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data buffer...
Qualcomm Chipsets Security Vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that stems from memory corruption in car audio when copying data from the ADSP shared buffer to the VOC packet data buffer...