Libpcap Security Vulnerabilities and Issues — Libpcap CVE List

TcpdumpLibpcap

8 matches found

CVE•added 2019/10/03 6:38 p.m.•460 views

CVE-2019-15165

The CVE-2019-15165 issue affects libpcap: sf-pcapng.c in libpcap before 1.9.1 fails to validate PHB header length before memory allocation, enabling potential memory exhaustion. Confirmed references from multiple advisories indicate the vulnerability is addressed by upgrading to libpcap 1.9.1 or ...

5.3CVSS6.2AI score0.02834EPSS

CVE•added 2019/10/03 6:24 p.m.•188 views

CVE-2019-15161

The CVE-2019-15161 entry affects libpcap prior to 1.9.1. Root cause: a variable reuse leads to mishandling of certain length values, which may allow an attack vector involving extra data at the end of a request. Affected products/contexts appear in multiple advisories (euleros, OpenVAS/Nessus lis...

5.3CVSS6AI score0.02764EPSS

CVE•added 2019/10/03 6:34 p.m.•185 views

CVE-2019-15163

CVE-2019-15163 concerns libpcap prior to 1.9.1. The rpcapd/daemon.c path allows a denial of service via a NULL pointer dereference if a crypt() call fails. This is part of a set of vulnerabilities in libpcap before 1.9.1 (RPCAP daemon handling and related length reuse issues) that can cause crash...

7.5CVSS7.1AI score0.04436EPSS

CVE•added 2019/10/03 6:36 p.m.•167 views

CVE-2019-15164

CVE-2019-15164 affects libpcap (rpcapd/daemon.c). The issue allows an SSRF by providing a URL as a capture source in libpcap before version 1.9.1. EulerOS/OpenVAS entries confirm libpcap 1.9.1 as the fix. Remediation: upgrade to libpcap 1.9.1 or newer to address this vulnerability. If exploiting ...

5.3CVSS6AI score0.02872EPSS

CVE•added 2019/10/03 6:32 p.m.•162 views

CVE-2019-15162

CVE-2019-15162 affects libpcap before 1.9.1 on non-Windows platforms. The rpcapd daemon may disclose authentication failure details, which could aid attackers in enumerating valid usernames. Public documents confirm updates to libpcap (to 1.9.1) across platforms (e.g., Apple iOS/watchOS/tvOS secu...

5.3CVSS6.2AI score0.01783EPSS

CVE•added 2024/08/30 11:44 p.m.•127 views

CVE-2023-7256

CVE-2023-7256 – libpcap is affected by a double-free in the remote packet capture setup path. The root cause is that sock_initaddress() calls getaddrinfo() and may call freeaddrinfo(), but does not clearly communicate to the caller whether freeaddrinfo() still needs to be called after return. Thi...

4.4CVSS4.7AI score0.0022EPSS

CVE•added 2024/08/30 11:53 p.m.•95 views

CVE-2024-8006

CVE-2024-8006 affects libpcap when built with remote packet capture support enabled. The vulnerability arises in pcap_findalldevs_ex() where a NULL is passed to readdir() after opendir() returns NULL (directory-usage path), causing a NULL pointer dereference and an availability impact. No explici...

4.4CVSS4.5AI score0.0022EPSS

CVE•added 2017/10/20 6:0 p.m.•55 views

CVE-2011-1935

Details from multiple sources confirm CVE-2011-1935 affects libpcap's pcap-linux.c codepath for libpcap 1.1.1 prior to commit ea9432fabdf4b33cbc76d9437200e028f1c47c93. When snaplen is set, the frame size calculation may truncate packets, potentially allowing a remote attacker who can send crafted...

9.8CVSS9.4AI score0.03649EPSS