{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7256", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "state": "PUBLISHED", "assignerShortName": "Tcpdump", "dateReserved": "2024-04-11T15:02:51.577Z", "datePublished": "2024-08-30T23:44:04.383Z", "dateUpdated": "2024-09-03T20:07:34.599Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["remote packet capture"], "product": "libpcap", "repo": "https://github.com/the-tcpdump-group/libpcap/", "vendor": "The Tcpdump Group", "versions": [{"status": "affected", "version": "1.8.x"}, {"status": "affected", "version": "1.9.x"}, {"lessThanOrEqual": "1.10.4", "status": "affected", "version": "1.10.x", "versionType": "semver"}]}], "configurations": [{"lang": "en", "value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."}], "credits": [{"lang": "en", "type": "reporter", "value": "Dora Sweet"}], "descriptions": [{"lang": "en", "value": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400."}], "exploits": [{"lang": "en", "value": "A functional exploit exists."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-415", "description": "CWE-415 Double Free", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03"}, {"tags": ["patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d"}], "solutions": [{"lang": "en", "value": "Upgrade to libpcap 1.10.5."}], "source": {"discovery": "EXTERNAL"}, "title": "Double-free in libpcap before 1.10.5 with remote packet capture support.", "workarounds": [{"lang": "en", "value": "Do not build libpcap with remote packet capture support."}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2024-08-30T23:44:04.383Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T20:03:11.759531Z", "id": "CVE-2023-7256", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T20:07:34.599Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-7256", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T20:03:11.759531Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T20:07:15.451Z"}}], "cna": {"title": "Double-free in libpcap before 1.10.5 with remote packet capture support.", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Dora Sweet"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/the-tcpdump-group/libpcap/", "vendor": "The Tcpdump Group", "modules": ["remote packet capture"], "product": "libpcap", "versions": [{"status": "affected", "version": "1.8.x"}, {"status": "affected", "version": "1.9.x"}, {"status": "affected", "version": "1.10.x", "versionType": "semver", "lessThanOrEqual": "1.10.4"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "A functional exploit exists."}], "solutions": [{"lang": "en", "value": "Upgrade to libpcap 1.10.5."}], "references": [{"url": "https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03", "tags": ["patch"]}, {"url": "https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "Do not build libpcap with remote packet capture support."}], "descriptions": [{"lang": "en", "value": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-415", "description": "CWE-415 Double Free"}]}], "configurations": [{"lang": "en", "value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2024-08-30T23:44:04.383Z"}}}, "cveMetadata": {"cveId": "CVE-2023-7256", "state": "PUBLISHED", "dateUpdated": "2024-09-03T20:07:34.599Z", "dateReserved": "2024-04-11T15:02:51.577Z", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "datePublished": "2024-08-30T23:44:04.383Z", "assignerShortName": "Tcpdump"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*", "matchCriteriaId": "83511DB8-7FA5-4C5D-8E9D-B6310A1006C4", "versionEndExcluding": "1.10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400."}, {"lang": "es", "value": "En las versiones de libpcap afectadas, durante la configuraci\u00f3n de una captura de paquetes remota, la funci\u00f3n interna sock_initaddress() llama a getaddrinfo() y posiblemente a freeaddrinfo(), pero no indica claramente a la funci\u00f3n que la llama si a\u00fan queda por llamar a freeaddrinfo() despu\u00e9s de que la funci\u00f3n regrese. Esto hace posible en algunos escenarios que tanto la funci\u00f3n como su llamador llamen a freeaddrinfo() para el mismo bloque de memoria asignado. Se inform\u00f3 un problema similar en Apple libpcap, al que Apple le asign\u00f3 CVE-2023-40400."}], "id": "CVE-2023-7256", "lastModified": "2024-09-19T17:53:15.207", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security@tcpdump.org", "type": "Secondary"}]}, "published": "2024-08-31T00:15:05.240", "references": [{"source": "security@tcpdump.org", "tags": ["Patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03"}, {"source": "security@tcpdump.org", "tags": ["Patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d"}], "sourceIdentifier": "security@tcpdump.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-415"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-415"}], "source": "security@tcpdump.org", "type": "Secondary"}]}

{"bugzilla": {"description": "libpcap: Double Free in libcap", "id": "2308783", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308783"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-415", "details": ["In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.", "A vulnerability was found in libpcap. During the setup of a remote packet capture, the internal sock_initaddress() function calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function as to whether freeaddrinfo() remains to be called after the function returns.\u00a0 This issue makes it possible in some scenarios that the function and its caller call freeaddrinfo() for the same allocated memory block."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-7256", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-08-31T00:15:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-7256\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-7256\nhttps://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03\nhttps://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d"], "statement": "This vulnerability is classified as Moderate severity rather than Important because while it involves a double-free condition that can lead to undefined behavior, the exploitability is generally constrained by the specific conditions under which the vulnerability can be triggered. The vulnerability arises in the handling of memory allocation and deallocation within a specific internal function (sock_initaddress()) during the remote packet capture setup, which is not commonly exposed to untrusted inputs or frequent use in most applications. Additionally, triggering the double-free condition typically requires precise control over the function's execution flow, limiting the practicality of exploitation.", "threat_severity": "Moderate"}