Bug 2308783 (CVE-2023-7256)
| Summary: | CVE-2023-7256 libpcap: Double Free in libcap | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | ansasaki, carlosrodrifernandez |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A vulnerability was found in libpcap. During the setup of a remote packet capture, the internal sock_initaddress() function calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function as to whether freeaddrinfo() remains to be called after the function returns. This issue makes it possible in some scenarios that the function and its caller call freeaddrinfo() for the same allocated memory block.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2308976, 2308977 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2024-08-31 00:20:56 UTC
libcap 2.48, 2.69, or 2.170 doesn't have "sock_initaddress".
Also the OSIDB import refers to libpcap ("p" in the middle). A different library
You created the issue for libcap, but I think you meant libpcap: https://src.fedoraproject.org/rpms/libpcap |