Home

CVE-2018-14938

Description

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).

Risk Information

Base Score
9.1
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score
Exploitation Probability
0.464

Associated Vulnerability

VulnerabilityOS Platform
TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-1ubuntu0.1_i386.debLinux
TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-1ubuntu0.1_amd64.debLinux
TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.04.1_i386.debLinux
TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.04.1_amd64.debLinux
TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.10.1_i386.debLinux
TCP flow recorder (USN-3955-1) tcpflow_1.4.5+repack1-4ubuntu0.18.10.1_amd64.debLinux
TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-1ubuntu0.1_i386.debLinux
TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-1ubuntu0.1_amd64.debLinux
TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.04.1_i386.debLinux
TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.04.1_amd64.debLinux
TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.10.1_i386.debLinux
TCP flow recorder (USN-3955-1) tcpflow-nox_1.4.5+repack1-4ubuntu0.18.10.1_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234