TROYANOSYVIRUS
Retour aux CVEs

CVE-2011-1935

CRITICAL
9.8

Description

pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

Details CVE

Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/20/2017
Derniere modification4/20/2025
Sourcenvd
Observations honeypot0

Produits affectes

tcpdump:libpcap

References

http://article.gmane.org/gmane.network.tcpdump.devel/4968(secalert@redhat.com)
http://thread.gmane.org/gmane.network.tcpdump.devel/5018(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2011/05/19/11(secalert@redhat.com)
http://www.openwall.com/lists/oss-security/2014/02/08/5(secalert@redhat.com)
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1%3Bbug=623868%3Bfilename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch%3Bmsg=10(secalert@redhat.com)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868(secalert@redhat.com)
https://security-tracker.debian.org/tracker/CVE-2011-1935/(secalert@redhat.com)
http://article.gmane.org/gmane.network.tcpdump.devel/4968(af854a3a-2127-422b-91ae-364da2661108)
http://thread.gmane.org/gmane.network.tcpdump.devel/5018(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2011/05/19/11(af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/02/08/5(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1%3Bbug=623868%3Bfilename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch%3Bmsg=10(af854a3a-2127-422b-91ae-364da2661108)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868(af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2011-1935/(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.