Page 2 of 181 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. La función tok2strbuf() en tcpdump versión 4.10.0-PRE-GIT, fue usada por el disector SOME/IP en una manera no segura • https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43 • CWE-125: Out-of-bounds Read •

CVSS: 7.5EPSS: 0%CPEs: 22EXPL: 0

The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. El ppp decapsulator en tcpdump versión 4.9.3 puede ser convencido para que asigne una gran cantidad de memoria A flaw was found in tcpdump while printing PPP packets captured in a pcap file or coming from the network. This flaw allows a remote attacker to send specially crafted packets that, when printed, can lead the application to allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. • http://seclists.org/fulldisclosure/2021/Apr/51 https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 https://lists.debian.org/debian-lts-announce/2020/11/msg00018.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F2MX34MJIUJQGL6CMEPLTKFOOOC3CJ4Z https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWDBONZVLC6BAOR2KM376DJCM4H3FERV https://support.apple.com/kb/HT212325 https://support.apple.com/kb/HT212326 h • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. En el archivo sf-pcapng.c en libpcap versiones anteriores a 1.9.1, no comprueba apropiadamente la longitud del encabezado PHB antes de asignar la memoria. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00052.html http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/87d6bef033062f969e70fa40c43dfd945d5a20ab https://github.com/the-tcpdump-group/libpcap/commit/a5a36d9e82dde7265e38fe1f87b7f11c461c29f6 https://lists.debian.org/debian-lts-announce/2019/10/msg00031.html htt • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 5.3EPSS: 3%CPEs: 1EXPL: 0

rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, permite un ataque de tipo SSRF porque puede ser proporcionada una URL como una fuente de captura. • http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/33834cb2a4d035b52aa2a26742f832a112e90a0a https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0

rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, permite a atacantes causar una denegación de servicio (desreferencia del puntero NULL y bloqueo del demonio) si se presenta un fallo de una llamada de la función crypt(). • http://seclists.org/fulldisclosure/2019/Dec/26 https://github.com/the-tcpdump-group/libpcap/blob/libpcap-1.9/CHANGES https://github.com/the-tcpdump-group/libpcap/commit/437b273761adedcbd880f714bfa44afeec186a31 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5P5K3DQ4TFSZBDB3XN4CZNJNQ3UIF3D3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GBIEKWLNIR62KZ5GA7EDXZS52HU6OE5F https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-476: NULL Pointer Dereference •