CVE-2011-1935 Information

Feb 14, 2021 cve

Description

pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://article.gmane.org/gmane.network.tcpdump.devel/4968 http://thread.gmane.org/gmane.network.tcpdump.devel/5018 http://www.openwall.com/lists/oss-security/2011/05/19/11 http://www.openwall.com/lists/oss-security/2014/02/08/5 https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=623868;filename=0001-Fix-the-calculation-of-the-frame-size-in-memory-mapp.patch;msg=10 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623868 https://security-tracker.debian.org/tracker/CVE-2011-1935/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8

Share on: