csaf_microsoft - msrc

MSRC_CVE-2024-8006

Vulnerability from csaf_microsoft - Published: 2024-08-02 00:00 - Updated: 2024-11-26 00:00

Summary

NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support

Notes

Additional Resources

To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer

The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2024-8006 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-8006.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support",
    "tracking": {
      "current_release_date": "2024-11-26T00:00:00.000Z",
      "generator": {
        "date": "2025-10-20T02:00:16.364Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2024-8006",
      "initial_release_date": "2024-08-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2024-11-01T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2024-11-09T00:00:00.000Z",
          "legacy_version": "1.1",
          "number": "2",
          "summary": "Added libpcap to Azure Linux 3.0\nAdded libpcap to CBL-Mariner 2.0"
        },
        {
          "date": "2024-11-20T00:00:00.000Z",
          "legacy_version": "1.2",
          "number": "3",
          "summary": "Added nmap to CBL-Mariner 2.0\nAdded libpcap to CBL-Mariner 2.0\nAdded libpcap to Azure Linux 3.0"
        },
        {
          "date": "2024-11-26T00:00:00.000Z",
          "legacy_version": "1.3",
          "number": "4",
          "summary": "Added nmap to Azure Linux 3.0\nAdded libpcap to Azure Linux 3.0\nAdded nmap to CBL-Mariner 2.0\nAdded libpcap to CBL-Mariner 2.0"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 libpcap 1.10.1-3",
                "product": {
                  "name": "\u003ccbl2 libpcap 1.10.1-3",
                  "product_id": "6"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 libpcap 1.10.1-3",
                "product": {
                  "name": "cbl2 libpcap 1.10.1-3",
                  "product_id": "17245"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libpcap 1.10.5-1",
                "product": {
                  "name": "\u003cazl3 libpcap 1.10.5-1",
                  "product_id": "4"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libpcap 1.10.5-1",
                "product": {
                  "name": "azl3 libpcap 1.10.5-1",
                  "product_id": "17643"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 libpcap 1.10.4-1",
                "product": {
                  "name": "\u003cazl3 libpcap 1.10.4-1",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 libpcap 1.10.4-1",
                "product": {
                  "name": "azl3 libpcap 1.10.4-1",
                  "product_id": "20209"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 libpcap 1.10.1-4",
                "product": {
                  "name": "\u003ccbl2 libpcap 1.10.1-4",
                  "product_id": "2"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 libpcap 1.10.1-4",
                "product": {
                  "name": "cbl2 libpcap 1.10.1-4",
                  "product_id": "20213"
                }
              }
            ],
            "category": "product_name",
            "name": "libpcap"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 nmap 7.95-2",
                "product": {
                  "name": "\u003cazl3 nmap 7.95-2",
                  "product_id": "5"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 nmap 7.95-2",
                "product": {
                  "name": "azl3 nmap 7.95-2",
                  "product_id": "17642"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 nmap 7.93-3",
                "product": {
                  "name": "\u003ccbl2 nmap 7.93-3",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 nmap 7.93-3",
                "product": {
                  "name": "cbl2 nmap 7.93-3",
                  "product_id": "20217"
                }
              }
            ],
            "category": "product_name",
            "name": "nmap"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 libpcap 1.10.1-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 libpcap 1.10.1-3 as a component of CBL Mariner 2.0",
          "product_id": "17245-17086"
        },
        "product_reference": "17245",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 nmap 7.95-2 as a component of Azure Linux 3.0",
          "product_id": "17084-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 nmap 7.95-2 as a component of Azure Linux 3.0",
          "product_id": "17642-17084"
        },
        "product_reference": "17642",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libpcap 1.10.5-1 as a component of Azure Linux 3.0",
          "product_id": "17084-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libpcap 1.10.5-1 as a component of Azure Linux 3.0",
          "product_id": "17643-17084"
        },
        "product_reference": "17643",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 libpcap 1.10.4-1 as a component of Azure Linux 3.0",
          "product_id": "17084-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 libpcap 1.10.4-1 as a component of Azure Linux 3.0",
          "product_id": "20209-17084"
        },
        "product_reference": "20209",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 nmap 7.93-3 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 nmap 7.93-3 as a component of CBL Mariner 2.0",
          "product_id": "20217-17086"
        },
        "product_reference": "20217",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 libpcap 1.10.1-4 as a component of CBL Mariner 2.0",
          "product_id": "17086-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 libpcap 1.10.1-4 as a component of CBL Mariner 2.0",
          "product_id": "20213-17086"
        },
        "product_reference": "20213",
        "relates_to_product_reference": "17086"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-8006",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "general",
          "text": "Tcpdump",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "17245-17086",
          "17642-17084",
          "17643-17084",
          "20209-17084",
          "20217-17086",
          "20213-17086"
        ],
        "known_affected": [
          "17086-6",
          "17084-5",
          "17084-4",
          "17084-3",
          "17086-1",
          "17086-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8006 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2024/msrc_cve-2024-8006.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2024-11-01T00:00:00.000Z",
          "details": "1.10.1-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-6",
            "17086-2"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-11-01T00:00:00.000Z",
          "details": "7.95-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-5"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-11-01T00:00:00.000Z",
          "details": "1.10.5-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-4",
            "17084-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        },
        {
          "category": "vendor_fix",
          "date": "2024-11-01T00:00:00.000Z",
          "details": "7.93-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "temporalScore": 4.4,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "17086-6",
            "17084-5",
            "17084-4",
            "17084-3",
            "17086-1",
            "17086-2"
          ]
        }
      ],
      "title": "NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support"
    }
  ]
}

CVE-2024-8006 (GCVE-0-2024-8006)

Vulnerability from cvelistv5 – Published: 2024-08-30 23:53 – Updated: 2024-09-03 19:17

Summary

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-476 - NULL Pointer Dereference

Assigner

Tcpdump

References

URL

Tags

	https://github.com/the-tcpdump-group/libpcap/comm…	patch
	https://github.com/the-tcpdump-group/libpcap/comm…	patch

Impacted products

	Vendor	Product	Version
	The Tcpdump Group	libpcap	Affected: 1.9.x Affected: 1.10.x , ≤ 1.10.4 (semver)

Credits

Flavio Toffalini Nicolas Badoux

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-8006",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-03T19:17:39.415802Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-03T19:17:49.301Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "remote packet capture"
          ],
          "product": "libpcap",
          "programRoutines": [
            {
              "name": "pcap_findalldevs_ex()"
            }
          ],
          "repo": "https://github.com/the-tcpdump-group/libpcap/",
          "vendor": "The Tcpdump Group",
          "versions": [
            {
              "status": "affected",
              "version": "1.9.x"
            },
            {
              "lessThanOrEqual": "1.10.4",
              "status": "affected",
              "version": "1.10.x",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Flavio Toffalini"
        },
        {
          "lang": "en",
          "type": "reporter",
          "value": "Nicolas Badoux"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Remote packet capture support is disabled by default in libpcap.  When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex().  One of the function arguments can be a filesystem path, which normally means a directory with input data files.  When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "A functional exploit exists."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-08-30T23:53:11.334Z",
        "orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
        "shortName": "Tcpdump"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to libpcap 1.10.5."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support",
      "workarounds": [
        {
          "lang": "en",
          "value": "Do not build libpcap with remote packet capture support."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
    "assignerShortName": "Tcpdump",
    "cveId": "CVE-2024-8006",
    "datePublished": "2024-08-30T23:53:11.334Z",
    "dateReserved": "2024-08-20T09:58:58.455Z",
    "dateUpdated": "2024-09-03T19:17:49.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

MSRC_CVE-2024-8006

CVE-2024-8006 (GCVE-0-2024-8006)

Tags

Sightings

Nomenclature