CVE-2023-7256

In affected libpcap versions during the setup of a remote packet capture the internal function sockinitaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...

CVE-2023-7256

CVE-2023-7256 – libpcap is affected by a double-free in the remote packet capture setup path. The root cause is that sock_initaddress() calls getaddrinfo() and may call freeaddrinfo(), but does not clearly communicate to the caller whether freeaddrinfo() still needs to be called after return. Thi...

libpcap 资源管理错误漏洞

libpcap is a portable C/C ++ library for network traffic capture from the Tcpdump team. A resource management error vulnerability exists in libpcap, which stems from an unclear logic in the sockinitaddress function's calls to getaddrinfo and freeaddrinfo, which could result in the same block of...

PT-2024-6379 · Libpcap +3 · Libpcap +3

Name of the Vulnerable Software and Affected Versions: libpcap versions affected versions not specified Description: The issue is related to the function freeaddrinfo in the libpcap library, where it is called for the same allocated memory block, potentially leading to a denial of service. During...

libuv: Improper Domain Lookup that potentially leads to SSRF attacks

A server-side request forgery SSRF flaw was found in the libuv package due to how the hostnameascii variable is handled in uvgetaddrinfo and uvidnatoascii. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result, attackers may be able to access...

EulerOS Virtualization 2.10.1 : libuv (EulerOS-SA-2024-2004)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

EulerOS Virtualization 2.10.0 : libuv (EulerOS-SA-2024-1986)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

CLSA-2024-1720094351 glibc: Fix of 2 CVEs

Fix a memory leak in converthostenttogaihaddrtuple function with AIALL - CVE-2023-4806: fix memory access issue in getaddrinfo function by implementing nssgethostbyname3r hook - CVE-2023-4813: fix memory leakage in gaihinet function to prevent application crash when getaddrinfo function is called...

Oracle Linux 9 : glibc (ELSA-2024-12472)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-12472 advisory. - CVE-2024-33599: nscd: buffer overflow in netgroup cache RHEL-34318 - CVE-2024-33600: nscd: null pointer dereferences in netgroup cache -...

CLSA-2024-1719920294 glibc: Fix of 2 CVEs

Fix a memory leak in converthostenttogaihaddrtuple function with AIALL - CVE-2023-4806: fix memory access issue in getaddrinfo function by implementing nssgethostbyname3r hook - CVE-2023-4813: fix memory leakage in gaihinet function to prevent application crash when getaddrinfo function is called...

glibc security update

2.28-251.0.2.2 - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E. Marchesi May-22-2024 Cupertino Miranda - 2.28-251.0.2 - Forward port o...

EulerOS 2.0 SP11 : libuv (EulerOS-SA-2024-1802)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

Huawei EulerOS: Security Advisory for libuv (EulerOS-SA-2024-1790)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1743)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

EulerOS 2.0 SP12 : libuv (EulerOS-SA-2024-1766)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

EulerOS Virtualization 2.11.1 : libuv (EulerOS-SA-2024-1717)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

EulerOS Virtualization 2.11.0 : libuv (EulerOS-SA-2024-1728)

According to the versions of the libuv package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and...

EulerOS Virtualization 3.0.6.6 : glibc (EulerOS-SA-2024-1650)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an uncommon situation, the gaihinet function may use memory that has been freed, resulting in an...

EulerOS 2.0 SP10 : libuv (EulerOS-SA-2024-1572)

According to the versions of the libuv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - libuv is a multi-platform support library with a focus on asynchronous I/O. The uvgetaddrinfo function in src/unix/getaddrinfo.c and its windows...

glibc: potential use-after-free in getaddrinfo()

A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the nssgethostbyname2r and nssgetcanonnamer hooks without...