CVE-2024-8006 (Medium) detected in src3.2.3, src3.2.3
CVE-2024-8006 - Medium Severity Vulnerability
Vulnerable Libraries - src3.2.3, src3.2.3
src3.2.3
MidnightBSD OS source code
Library home page: https://github.com/MidnightBSD/src.git
Vulnerable Source Files (1)
/contrib/libpcap/pcap-new.c
Found in base branch: stable/3.2
Vulnerability Details
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer dereference.
Publish Date: 2024-08-30
URL: CVE-2024-8006
CVSS 3 Score Details (4.4)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Local
  - Attack Complexity: Low
  - Privileges Required: High
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2024-8006
Release Date: 2024-08-30
Fix Resolution: libpcap-1.10.5