CVE-2024-8006 Information

Description

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path which normally means a directory with input data files. When the specified path cannot be used as a directory the function receives NULL from opendir() but does not check the return value and passes the NULL value to readdir() which causes a NULL pointer derefence.

Reference

https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29 https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6