Description
In affected libpcap versions, during the setup of a remote packet capture, the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. As a result, in some scenarios both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
A vulnerability was found in libpcap. During the setup of a remote packet capture, the internal sock_initaddress() function calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller whether freeaddrinfo() remains to be called after the function returns. In some scenarios, this allows both the function and its caller to call freeaddrinfo() for the same allocated memory block.
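The ownership ambiguity described above goes away when the helper's return value alone tells the caller whether a list is left to free. The following C sketch is an added example, not libpcap's code or its fix; `resolve_owned()`, `release_owned()` and the `want_family` check are hypothetical names chosen for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose getaddrinfo() under strict -std= modes */
#endif
#include <netdb.h>
#include <stddef.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

/*
 * Hypothetical helper, not libpcap's sock_initaddress().
 * Ownership contract:
 *   returns  0: *out is a list the CALLER must release;
 *   returns -1: *out is NULL, any list was already freed here.
 */
int resolve_owned(const char *host, const char *port, int want_family,
                  struct addrinfo **out)
{
    struct addrinfo hints, *res = NULL;

    *out = NULL;                          /* never leave a stale pointer */
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV;  /* literals only, no DNS */

    if (getaddrinfo(host, port, &hints, &res) != 0)
        return -1;                        /* nothing was allocated */

    /* Post-lookup check: the path on which the helper frees internally. */
    if (res->ai_family != want_family) {
        freeaddrinfo(res);
        return -1;                        /* *out is still NULL */
    }
    *out = res;                           /* ownership moves to the caller */
    return 0;
}

/* Caller-side cleanup: releasing twice, or after a failure, is a no-op. */
void release_owned(struct addrinfo **list)
{
    if (*list != NULL) {
        freeaddrinfo(*list);
        *list = NULL;
    }
}
```

A caller whose error path unconditionally runs `release_owned(&ai)` stays correct on every return path, including the one where the helper has already freed the list.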
Statement
This vulnerability is classified as Moderate severity rather than Important: although it involves a double-free condition that can lead to undefined behavior, exploitability is generally constrained by the specific conditions under which the vulnerability can be triggered. The vulnerability arises in the handling of memory allocation and deallocation within a specific internal function (sock_initaddress()) during the remote packet capture setup, which is not commonly exposed to untrusted inputs or used frequently in most applications. Additionally, triggering the double-free condition typically requires precise control over the function's execution flow, limiting the practicality of exploitation.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | libpcap | Not affected | | |
Red Hat Enterprise Linux 6 | libpcap | Out of support scope | | |
Red Hat Enterprise Linux 7 | libpcap | Out of support scope | | |
Red Hat Enterprise Linux 8 | libpcap | Not affected | | |
Red Hat Enterprise Linux 9 | libpcap | Not affected | | |
Red Hat OpenShift Container Platform 4 | rhcos | Will not fix | | |
Additional information
CVSS3: 4.4 Medium