csaf_microsoft - msrc

MSRC_CVE-2023-7256

Vulnerability from csaf_microsoft - Published: 2024-08-02 00:00 - Updated: 2024-11-26 00:00

Summary

Double-free in libpcap before 1.10.5 with remote packet capture support.

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-7256.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "Double-free in libpcap before 1.10.5 with remote packet capture support.",
    "tracking": {
      "current_release_date": "2024-11-26T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T02:00:16.314Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2023-7256",
      "initial_release_date": "2024-08-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-11-09T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-11-20T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added libpcap to CBL-Mariner 2.0\nAdded nmap to CBL-Mariner 2.0\nAdded libpcap to Azure Linux 3.0"
        },
        {
          "date": "2024-11-26T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added nmap to Azure Linux 3.0\nAdded libpcap to Azure Linux 3.0\nAdded libpcap to CBL-Mariner 2.0\nAdded nmap to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              },
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libpcap 1.10.4-1",
                "product": {
                  "name": "\u003cazl3 libpcap 1.10.4-1",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libpcap 1.10.4-1",
                "product": {
                  "name": "azl3 libpcap 1.10.4-1",
                  "product_id": "20209"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 libpcap 1.10.1-4",
                "product": {
                  "name": "\u003ccbl2 libpcap 1.10.1-4",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 libpcap 1.10.1-4",
                "product": {
                  "name": "cbl2 libpcap 1.10.1-4",
                  "product_id": "20213"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libpcap 1.10.5-1",
                "product": {
                  "name": "\u003cazl3 libpcap 1.10.5-1",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libpcap 1.10.5-1",
                "product": {
                  "name": "azl3 libpcap 1.10.5-1",
                  "product_id": "17643"
                }
              }
            ],
            "category": "product_name",
            "name": "libpcap"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 nmap 7.93-3",
                "product": {
                  "name": "\u003ccbl2 nmap 7.93-3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 nmap 7.93-3",
                "product": {
                  "name": "cbl2 nmap 7.93-3",
                  "product_id": "20217"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 nmap 7.95-2",
                "product": {
                  "name": "\u003cazl3 nmap 7.95-2",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 nmap 7.95-2",
                "product": {
                  "name": "azl3 nmap 7.95-2",
                  "product_id": "17642"
                }
              }
            ],
            "category": "product_name",
            "name": "nmap"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libpcap 1.10.4-1 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libpcap 1.10.4-1 as a component of Azure Linux 3.0",
          "product_id": "20209-17084"
        },
        "product_reference": "20209",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 libpcap 1.10.1-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 libpcap 1.10.1-4 as a component of CBL Mariner 2.0",
          "product_id": "20213-17086"
        },
        "product_reference": "20213",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 nmap 7.93-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 nmap 7.93-3 as a component of CBL Mariner 2.0",
          "product_id": "20217-17086"
        },
        "product_reference": "20217",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 nmap 7.95-2 as a component of Azure Linux 3.0",
          "product_id": "17084-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nmap 7.95-2 as a component of Azure Linux 3.0",
          "product_id": "17642-17084"
        },
        "product_reference": "17642",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libpcap 1.10.5-1 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libpcap 1.10.5-1 as a component of Azure Linux 3.0",
          "product_id": "17643-17084"
        },
        "product_reference": "17643",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-7256",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "general",
          "text": "Tcpdump",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20209-17084",
          "20213-17086",
          "20217-17086",
          "17642-17084",
          "17643-17084"
        ],
        "known_affected": [
          "17084-3",
          "17086-2",
          "17086-1",
          "17084-5",
          "17084-4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2023-7256.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-09T00:00:00.000Z",
          "details": "1.10.5-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-3",
            "17084-4"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-11-09T00:00:00.000Z",
          "details": "1.10.1-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-11-09T00:00:00.000Z",
          "details": "7.93-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-11-09T00:00:00.000Z",
          "details": "7.95-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-5"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 4.4,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-3",
            "17086-2",
            "17086-1",
            "17084-5",
            "17084-4"
          ]
        }
      ],
      "title": "Double-free in libpcap before 1.10.5 with remote packet capture support."
    }
  ]
}

CVE-2023-7256 (GCVE-0-2023-7256)

Vulnerability from cvelistv5 – Published: 2024-08-30 23:44 – Updated: 2024-09-03 20:07

Summary

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-415 - Double Free

Assigner

Tcpdump

References

URL

Tags

	https://github.com/the-tcpdump-group/libpcap/comm…	patch
	https://github.com/the-tcpdump-group/libpcap/comm…	patch

Impacted products

	Vendor	Product	Version
	The Tcpdump Group	libpcap	Affected: 1.8.x Affected: 1.9.x Affected: 1.10.x , ≤ 1.10.4 (semver)

Credits

Dora Sweet

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7256",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T20:03:11.759531Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T20:07:34.599Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "remote packet capture"
          ],
          "product": "libpcap",
          "repo": "https://github.com/the-tcpdump-group/libpcap/",
          "vendor": "The Tcpdump Group",
          "versions": [
            {
              "status": "affected",
              "version": "1.8.x"
            },
            {
              "status": "affected",
              "version": "1.9.x"
            },
            {
              "lessThanOrEqual": "1.10.4",
              "status": "affected",
              "version": "1.10.x",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Dora Sweet"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns.  This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block.  A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "A functional exploit exists."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-415",
              "description": "CWE-415 Double Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-30T23:44:04.383Z",
        "orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
        "shortName": "Tcpdump"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to libpcap 1.10.5."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Double-free in libpcap before 1.10.5 with remote packet capture support.",
      "workarounds": [
        {
          "lang": "en",
          "value": "Do not build libpcap with remote packet capture support."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
    "assignerShortName": "Tcpdump",
    "cveId": "CVE-2023-7256",
    "datePublished": "2024-08-30T23:44:04.383Z",
    "dateReserved": "2024-04-11T15:02:51.577Z",
    "dateUpdated": "2024-09-03T20:07:34.599Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2023-7256

CVE-2023-7256 (GCVE-0-2023-7256)

Tags

Sightings

Nomenclature