Vulnerabilities > Tcpdump > Libpcap
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-31 | CVE-2023-7256 | Double Free vulnerability in Tcpdump Libpcap In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. | 4.4 |
| 2024-08-31 | CVE-2024-8006 | NULL Pointer Dereference vulnerability in Tcpdump Libpcap Remote packet capture support is disabled by default in libpcap. | 4.4 |
| 2019-10-03 | CVE-2019-15165 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory. | 5.3 |
| 2019-10-03 | CVE-2019-15164 | Server-Side Request Forgery (SSRF) vulnerability in Tcpdump Libpcap rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source. | 5.3 |
| 2019-10-03 | CVE-2019-15163 | NULL Pointer Dereference vulnerability in Tcpdump Libpcap rpcapd/daemon.c in libpcap before 1.9.1 allows attackers to cause a denial of service (NULL pointer dereference and daemon crash) if a crypt() call fails. | 7.5 |
| 2019-10-03 | CVE-2019-15162 | Insufficient Verification of Data Authenticity vulnerability in Tcpdump Libpcap rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames. | 5.3 |
| 2019-10-03 | CVE-2019-15161 | Incorrect Calculation of Buffer Size vulnerability in Tcpdump Libpcap rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. | 5.3 |
| 2017-10-20 | CVE-2011-1935 | Unspecified vulnerability in Tcpdump Libpcap 1.1.1/1.2.0 pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets. | 9.8 |