CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
A vulnerability was found in libpcap. During the setup of a remote packet capture, the internal sock_initaddress() function calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function as to whether freeaddrinfo() remains to be called after the function returns. This issue makes it possible in some scenarios that the function and its caller call freeaddrinfo() for the same allocated memory block.
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.