Vulnerability Details : CVE-2024-2397
Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.
Products affected by CVE-2024-2397
Please log in to view affected product information.
Exploit prediction scoring system (EPSS) score for CVE-2024-2397
0.01%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 1 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2024-2397
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.2
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
2.5
|
3.6
|
Tcpdump Group | 2024-04-12 |
|
5.5
|
MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
N/A
|
N/A
|
RedHat-CVE-2024-2397 | 2024-04-12 |
CWE ids for CVE-2024-2397
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: security@tcpdump.org (Secondary)
References for CVE-2024-2397
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GEZRGR3QCW2ZNFIAWMZZOG4ZLFLFNG2M/
[SECURITY] Fedora 39 Update: tcpdump-4.99.4-4.fc39 - package-announce - Fedora Mailing-Lists
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HUUI2MBVHFENXNBCHDQZP2RBBA2VD5HG/
[SECURITY] Fedora 40 Update: tcpdump-4.99.4-7.fc40 - package-announce - Fedora Mailing-Lists
-
https://github.com/the-tcpdump-group/tcpdump/commit/b9811ef5bb1b7d45a90e042f81f3aaf233c8bcb2
ppp: use the buffer stack for the de-escaping buffer. · the-tcpdump-group/tcpdump@b9811ef · GitHub
Jump to