CVE-2024-2397 - OpenCVE

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Tcpdump

Published: 2024-04-12T13:22:01.636Z

Updated: 2024-04-12T13:22:01.636Z

Reserved: 2024-03-12T10:29:32.095Z

Link: CVE-2024-2397

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-04-12T14:15:07.657

Modified: 2024-06-10T17:16:25.180

Link: CVE-2024-2397

JSON object: View

Redhat Information

No data.

CWE

CWE-835

{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2024-2397", "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "state": "PUBLISHED", "assignerShortName": "Tcpdump", "dateReserved": "2024-03-12T10:29:32.095Z", "datePublished": "2024-04-12T13:22:01.636Z", "dateUpdated": "2024-04-12T13:22:01.636Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["PPP printer"], "product": "tcpdump", "vendor": "The Tcpdump Group", "versions": [{"lessThan": "b9811ef", "status": "affected", "version": "0d4083e", "versionType": "git"}]}], "datePublic": "2024-04-12T11:00:00.000Z", "descriptions": [{"lang": "en", "value": "Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21."}], "exploits": [{"lang": "en", "value": "A functional exploit exists."}], "impacts": [{"capecId": "CAPEC-153", "descriptions": [{"lang": "en", "value": "CAPEC-153 Input Data Manipulation"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896", "shortName": "Tcpdump", "dateUpdated": "2024-04-12T13:22:01.636Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M/"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/"}], "source": {"discovery": "EXTERNAL"}, "title": "infinite loop in the PPP printer of tcpdump"}}, "dataVersion": "5.1"}