← Back

CVE-2024-8006

nvd nist
Published: Aug 31, 2024Modified: Sep 19, 2024

JSON object

Loading...
4.4
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Exploitability: 0.8 / Impact: 3.6
Source: NVD

Description

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.

Affected (1)

Products: Tcpdump: Libpcap
Tcpdump
1 product
Libpcap
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Libpcap
Before 1.10.5

Related CWEs

CWE-476
NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.

References (2)

Source: security@tcpdump.org
Patch
Source: security@tcpdump.org
Patch

Timeline

No history available yet.