Infinite Loop Bug Affects Tcpdump PPP Printer in Git Master Branch
CVE-2024-2397

6.2MEDIUM

Key Information:

Vendor: The Tcpdump Group
Status: Tcpdump
Vendor: CVE Published:; 12 April 2024

🔔 Create The Tcpdump Group Vulnerability Alert

Badges

👾 Exploit Exists

What is CVE-2024-2397?

Due to a bug in packet data buffers management, the PPP printer in tcpdump can enter an infinite loop when reading a crafted DLT_PPP_SERIAL .pcap savefile. This problem does not affect any tcpdump release, but it affected the git master branch from 2023-06-05 to 2024-03-21.

Affected Version(s)

tcpdump 0d4083e

References

https://github.com/the-tcpdump-group/tcpdump/commit/b9811...

patch

https://lists.fedoraproject.org/archives/list/package-ann...

CVSS V3.1

Score:

6.2

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Jun 10, 2024
Vulnerability published
Apr 12, 2024
Vulnerability Reserved
Mar 12, 2024

CVE-2024-2397 Data

JSON