CVE-2024-52949

Published: Dec 16, 2024Modified: Jun 17, 2026

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.

Affected (1)

Products: Iptraf Ng: Iptraf Ng

Iptraf Ng

1 product

Iptraf Ng

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Iptraf Ng Iptraf Ng	Version 1.2.1

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (3)

https://github.com/iptraf-ng/iptraf-ng/releases/tag/v1.2.1

Source: cve@mitre.org

Release Notes

https://www.gruppotim.it/it/footer/red-team.html

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.gruppotim.it/it/footer/red-team.html

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitThird Party Advisory

Timeline

No history available yet.