CVE-2024-2397Infinite Loop in Tcpdump Group Tcpdump

CWE-835Infinite Loop5 documents5 sources
Severity
6.2MEDIUMNVD
EPSS
0.0%
top 99.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
THE Tcpdump Group Tcpdump
Timeline
PublishedApr 12

Description

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.5 | Impact: 3.6

Affected Packages1 packages

CVEListV5the_tcpdump_group/tcpdump0d4083eb9811ef

🔴Vulnerability Details

2
GHSA
GHSA-j3vc-4chv-32mw: Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL2024-04-12
CVEList
infinite loop in the PPP printer of tcpdump2024-04-12

📋Vendor Advisories

2
Red Hat
tcpdump: Crafted .pcap file may lead to Denial of Service2024-04-12
Debian
CVE-2024-2397: tcpdump - Due to a bug in packet data buffers management, the PPP printer in tcpdump can e...2024
CVE-2024-2397 — Infinite Loop in Tcpdump Group Tcpdump | cvebase