CVE-2023-7256

NameCVE-2023-7256
DescriptionIn affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libpcap (PTS)jessie, jessie (lts)1.6.2-2+deb8u1vulnerable
stretch (security), stretch (lts), stretch1.8.1-3+deb9u1vulnerable
buster1.8.1-6+deb10u1vulnerable
bullseye1.10.0-2vulnerable
bookworm1.10.3-1vulnerable
sid, trixie1.10.5-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpcapsource(unstable)1.10.5-1unimportant

Notes

https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03 (master)
https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d (libpcap-1.10.5)
Builts in Debian do not enable remote package capture (--enable-remote)

Search for package or bug name: Reporting problems