Use After Free Vulnerability in tcpslice by the tcpdump Group
CVE-2021-41043

5.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 5 January 2022

What is CVE-2021-41043?

The vulnerability in tcpslice is a use-after-free, which may lead to unpredictable behavior when the tool manages memory while manipulating network data. The condition was detected with AddressSanitizer and indicates that improper memory handling can compromise system integrity. No other impacts have been confirmed, but the potential for exploitation exists and warrants a review of the affected versions.

Affected Version(s)

tcpslice < 1.5

References

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Mohammad Hosein Askari (@C0NSTANTINE110) - https://www.linkedin.com/in/mohammadhoseinaskari