Описание
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
A heap use-after-free flaw was found in tcpslices' extract_slice(). This flaw allows an attacker with local network access to pass a specially crafted 'pcap' file to tcpslice, causing segmentation fault. This vulnerability halts or crashes the application, leading to a denial of service.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | tcpdump | Out of support scope | ||
| Red Hat Enterprise Linux 7 | tcpdump | Out of support scope | ||
| Red Hat Enterprise Linux 8 | tcpdump | Fixed | RHSA-2024:0769 | 12.02.2024 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | tcpdump | Fixed | RHSA-2024:0410 | 25.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | tcpdump | Fixed | RHSA-2024:0571 | 30.01.2024 |
| Red Hat Enterprise Linux 9 | tcpdump | Fixed | RHSA-2024:2211 | 30.04.2024 |
| Red Hat Enterprise Linux 9.2 Extended Update Support | tcpdump | Fixed | RHSA-2024:1090 | 05.03.2024 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2040392tcpslice: use-after-free in extract_slice()
EPSS
Процентиль: 47%
0.00243
Низкий
5.5 Medium
CVSS3
Связанные уязвимости
CVSS3: 5.5
ubuntu
больше 3 лет назад
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
CVSS3: 5.5
nvd
больше 3 лет назад
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
CVSS3: 5.5
debian
больше 3 лет назад
Use after free in tcpslice triggers AddressSanitizer, no other confirm ...
github
больше 3 лет назад
Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact.
EPSS
Процентиль: 47%
0.00243
Низкий
5.5 Medium
CVSS3