{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-8006", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "state": "PUBLISHED", "assignerShortName": "Tcpdump", "dateReserved": "2024-08-20T09:58:58.455Z", "datePublished": "2024-08-30T23:53:11.334Z", "dateUpdated": "2024-09-03T19:17:49.301Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["remote packet capture"], "product": "libpcap", "programRoutines": [{"name": "pcap_findalldevs_ex()"}], "repo": "https://github.com/the-tcpdump-group/libpcap/", "vendor": "The Tcpdump Group", "versions": [{"status": "affected", "version": "1.9.x"}, {"lessThanOrEqual": "1.10.4", "status": "affected", "version": "1.10.x", "versionType": "semver"}]}], "configurations": [{"lang": "en", "value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."}], "credits": [{"lang": "en", "type": "finder", "value": "Flavio Toffalini"}, {"lang": "en", "type": "reporter", "value": "Nicolas Badoux"}], "descriptions": [{"lang": "en", "value": "Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence."}], "exploits": [{"lang": "en", "value": "A functional exploit exists."}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseSeverity": "MEDIUM", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference", "lang": "en", "type": "CWE"}]}], "references": [{"tags": ["patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"}, {"tags": ["patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"}], "solutions": [{"lang": "en", "value": "Upgrade to libpcap 1.10.5."}], "source": {"discovery": "EXTERNAL"}, "title": "NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support", "workarounds": [{"lang": "en", "value": "Do not build libpcap with remote packet capture support."}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2024-08-30T23:53:11.334Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-03T19:17:39.415802Z", "id": "CVE-2024-8006", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T19:17:49.301Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-8006", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-03T19:17:39.415802Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-03T19:17:45.961Z"}}], "cna": {"title": "NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Flavio Toffalini"}, {"lang": "en", "type": "reporter", "value": "Nicolas Badoux"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.4, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/the-tcpdump-group/libpcap/", "vendor": "The Tcpdump Group", "modules": ["remote packet capture"], "product": "libpcap", "versions": [{"status": "affected", "version": "1.9.x"}, {"status": "affected", "version": "1.10.x", "versionType": "semver", "lessThanOrEqual": "1.10.4"}], "defaultStatus": "unaffected", "programRoutines": [{"name": "pcap_findalldevs_ex()"}]}], "exploits": [{"lang": "en", "value": "A functional exploit exists."}], "solutions": [{"lang": "en", "value": "Upgrade to libpcap 1.10.5."}], "references": [{"url": "https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29", "tags": ["patch"]}, {"url": "https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "Do not build libpcap with remote packet capture support."}], "descriptions": [{"lang": "en", "value": "Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "configurations": [{"lang": "en", "value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2024-08-30T23:53:11.334Z"}}}, "cveMetadata": {"cveId": "CVE-2024-8006", "state": "PUBLISHED", "dateUpdated": "2024-09-03T19:17:49.301Z", "dateReserved": "2024-08-20T09:58:58.455Z", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "datePublished": "2024-08-30T23:53:11.334Z", "assignerShortName": "Tcpdump"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tcpdump:libpcap:*:*:*:*:*:*:*:*", "matchCriteriaId": "83511DB8-7FA5-4C5D-8E9D-B6310A1006C4", "versionEndExcluding": "1.10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence."}, {"lang": "es", "value": "La compatibilidad con captura remota de paquetes est\u00e1 deshabilitada de forma predeterminada en libpcap. Cuando un usuario compila libpcap con la compatibilidad con captura remota de paquetes habilitada, una de las funciones que se vuelven disponibles es pcap_findalldevs_ex(). Uno de los argumentos de la funci\u00f3n puede ser una ruta del sistema de archivos, que normalmente significa un directorio con archivos de datos de entrada. Cuando la ruta especificada no se puede usar como directorio, la funci\u00f3n recibe NULL de opendir(), pero no verifica el valor de retorno y pasa el valor NULL a readdir(), lo que provoca una desreferencia del puntero NULL."}], "id": "CVE-2024-8006", "lastModified": "2024-09-19T17:46:03.447", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 3.6, "source": "security@tcpdump.org", "type": "Secondary"}]}, "published": "2024-08-31T00:15:05.743", "references": [{"source": "security@tcpdump.org", "tags": ["Patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"}, {"source": "security@tcpdump.org", "tags": ["Patch"], "url": "https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"}], "sourceIdentifier": "security@tcpdump.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-476"}], "source": "security@tcpdump.org", "type": "Secondary"}]}

{"bugzilla": {"description": "libpcap: NULL pointer derefence in pcap_findalldevs_ex() in pcap-new.c", "id": "2308785", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2308785"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-476", "details": ["Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.", "A flaw was found in the libpcap library. When remote packet capture support is enabled, it is possible to trigger a NULL pointer dereference when a filesystem path that is not a directory is used as an argument to the pcap_findalldevs_ex function due to a missing check of the return value from the opendir function, resulting in a denial of service."], "name": "CVE-2024-8006", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libpcap", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2024-08-31T00:15:05Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-8006\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-8006\nhttps://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29\nhttps://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"], "statement": "The libpcap library as shipped in Red Hat Enterprise Linux 8, 9 and in Red Hat OpenShift Container Platform 4 is not affected by this vulnerability because the remote packet capture support is disabled.", "threat_severity": "Moderate"}

{}