src icon indicating copy to clipboard operation
src copied to clipboard

Published 20 hours ago verified publisher icon MidnightBSD

CVE-2023-7256 (Medium) detected in multiple libraries

Open mend-bolt-for-github[bot] opened this issue 1 year ago • 18 comments

CVE-2023-7256 - Medium Severity Vulnerability

Vulnerable Libraries - src3.2.3, src3.2.3, src3.2.3, src3.2.3, src3.2.3

src3.2.3

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Vulnerable Source Files (4)

/contrib/libpcap/rpcapd/rpcapd.c /contrib/libpcap/sockutils.c /contrib/libpcap/pcap-rpcap.c /contrib/libpcap/sockutils.h

src3.2.3

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Vulnerable Source Files (4)

/contrib/libpcap/rpcapd/rpcapd.c /contrib/libpcap/sockutils.c /contrib/libpcap/pcap-rpcap.c /contrib/libpcap/sockutils.h

src3.2.3

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Vulnerable Source Files (4)

/contrib/libpcap/rpcapd/rpcapd.c /contrib/libpcap/sockutils.c /contrib/libpcap/pcap-rpcap.c /contrib/libpcap/sockutils.h

src3.2.3

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Vulnerable Source Files (4)

/contrib/libpcap/rpcapd/rpcapd.c /contrib/libpcap/sockutils.c /contrib/libpcap/pcap-rpcap.c /contrib/libpcap/sockutils.h

src3.2.3

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Vulnerable Source Files (4)

/contrib/libpcap/rpcapd/rpcapd.c /contrib/libpcap/sockutils.c /contrib/libpcap/pcap-rpcap.c /contrib/libpcap/sockutils.h

Found in base branch: stable/3.2

Vulnerability Details

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.

Publish Date: 2024-08-30

URL: CVE-2023-7256

CVSS 3 Score Details (4.4)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Local
    • Attack Complexity: Low
    • Privileges Required: High
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: None
    • Integrity Impact: None
    • Availability Impact: High
For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2023-7256

Release Date: 2024-08-30

Fix Resolution: libpcap-1.10.5

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] avatar Sep 01 '24 08:09 mend-bolt-for-github[bot]