CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8006 – NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
https://notcve.org/view.php?id=CVE-2024-8006
30 Aug 2024 — Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL p... • https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29 • CWE-476: NULL Pointer Dereference •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7256 – Double-free in libpcap before 1.10.5 with remote packet capture support.
https://notcve.org/view.php?id=CVE-2023-7256
30 Aug 2024 — In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-... • https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03 • CWE-415: Double Free •
CVSS: 7.5EPSS: 1%CPEs: 26EXPL: 0CVE-2019-15165 – libpcap: Resource exhaustion during PHB header length validation
https://notcve.org/view.php?id=CVE-2019-15165
03 Oct 2019 — sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. En el archivo sf-pcapng.c en libpcap versiones anteriores a 1.9.1, no comprueba apropiadamente la longitud del encabezado PHB antes de asignar la memoria. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. The compliance-operator image updates are now available for OpenShift Container Platf... • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00051.html • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 1%CPEs: 1EXPL: 0CVE-2019-15164 – Apple Security Advisory 2019-12-10-3
https://notcve.org/view.php?id=CVE-2019-15164
03 Oct 2019 — rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, permite un ataque de tipo SSRF porque puede ser proporcionada una URL como una fuente de captura. macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and addresses buffer overflow, code execution, and denial of service vulnerabilities. • http://seclists.org/fulldisclosure/2019/Dec/26 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2019-15163 – Apple Security Advisory 2019-12-10-3
https://notcve.org/view.php?id=CVE-2019-15163
03 Oct 2019 — rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, permite a atacantes causar una denegación de servicio (desreferencia del puntero NULL y bloqueo del demonio) si se presenta un fallo de una llamada de la función crypt(). macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 2019-007 High Sierra is now available and add... • http://seclists.org/fulldisclosure/2019/Dec/26 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 1%CPEs: 2EXPL: 0CVE-2019-15162 – Apple Security Advisory 2019-12-10-3
https://notcve.org/view.php?id=CVE-2019-15162
03 Oct 2019 — rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, en plataformas diferentes de Windows proporciona detalles sobre por qué falló la autenticación, lo que podría hacer más fácil para que atacantes enumeren nombres de usuario válidos. macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Update 201... • http://seclists.org/fulldisclosure/2019/Dec/26 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 0CVE-2019-15161 – Apple Security Advisory 2019-12-10-3
https://notcve.org/view.php?id=CVE-2019-15161
03 Oct 2019 — rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request. El archivo rpcapd/daemon.c en libpcap versiones anteriores a 1.9.1, maneja inapropiadamente ciertos valores de longitud debido a la reutilización de una variable. Esto puede abrir un vector de ataque involucrando datos adicionales al final de una petición. macOS Catalina 10.15.2, Security Update 2019-002 Mojave, Security Upda... • http://seclists.org/fulldisclosure/2019/Dec/26 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-1935
https://notcve.org/view.php?id=CVE-2011-1935
20 Oct 2017 — pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. pcap-linux.c en libpcap 1.1.1 antes del commit con ID ea9432fabdf4b33cbc76d9437200e028f1c47c93, cuando snaplen está establecido puede truncar paquetes, lo que podría permitir que atacantes remotos envíen datos arbitrarios evitando la detección mediante paquetes manipulados • http://article.gmane.org/gmane.network.tcpdump.devel/4968 •