PT-2018-12813 · Tcpflow+2 · Tcpflow+2

Zillr0O

Publicado

2018-08-04

Atualizado

2020-11-29

CVE-2018-14938

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions TCPFLOW versions prior to 1.5.0-alpha

Description An issue in the wifipcap/wifipcap.cpp file allows for an integer overflow in the handle prism function during caplen processing. If the caplen is less than 144, this can cause an integer overflow in the handle 80211 function, resulting in an out-of-bounds read. This may allow access to sensitive memory or lead to a denial of service.

Recommendations For versions prior to 1.5.0-alpha, as a temporary workaround, consider disabling the handle prism and handle 80211 functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Integer Overflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190CWE-125

Identificadores relacionados

ALT-PU-2018-2392

CVE-2018-14938

DLA-2468-1

MGASA-2018-0401

USN-3955-1

Produtos afetados

Alt Linux

Tcpflow

Ubuntu

PT-2018-12813 · Tcpflow+2 · Tcpflow+2

CVE-2018-14938

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 21