TROYANOSYVIRUS
Back to CVEs

CVE-2011-1935

CRITICAL
9.8

Description

pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

CVE Details

CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published10/20/2017
Last Modified4/20/2025
Sourcenvd
Honeypot Sightings0

Affected Products

tcpdump:libpcap

References

http://article.gmane.org/gmane.network.tcpdump.devel/4968(secalert@redhat.com)
http://thread.gmane.org/gmane.network.tcpdump.devel/5018(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2011/05/19/11(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2014/02/08/5(secalert@redhat.com)
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1%3Bbug=623868%3Bfilename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch%3Bmsg=10(secalert@redhat.com)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868(secalert@redhat.com)
https://security-tracker.debian.org/tracker/CVE-2011-1935/(secalert@redhat.com)
http://article.gmane.org/gmane.network.tcpdump.devel/4968(af854a3a-2127-422b-91ae-364da2661108)
http://thread.gmane.org/gmane.network.tcpdump.devel/5018(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2011/05/19/11(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/02/08/5(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1%3Bbug=623868%3Bfilename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch%3Bmsg=10(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868(af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2011-1935/(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.