CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
In affected libpcap versions during the setup of a remote packet capture
the internal function sock_initaddress() calls getaddrinfo() and possibly
freeaddrinfo(), but does not clearly indicate to the caller function
whether freeaddrinfo() still remains to be called after the function
returns. This makes it possible in some scenarios that both the function
and its caller call freeaddrinfo() for the same allocated memory block. A
similar problem was reported in Apple libpcap, to which Apple assigned
CVE-2023-40400.
github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03
github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03 (master)
github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d
github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d (libpcap-1.10.5)
launchpad.net/bugs/cve/CVE-2023-7256
nvd.nist.gov/vuln/detail/CVE-2023-7256
security-tracker.debian.org/tracker/CVE-2023-7256
www.cve.org/CVERecord?id=CVE-2023-7256