Home > Vulnerability Database > CVE-2023-7256

Mend.io Vulnerability Database

CVE-2023-7256

Good to know:

Date: August 30, 2024

In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.

Language: C

Severity Score

4.4

Related Resources (4)

Url: https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03

Url: https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-7256

Url: https://www.mend.io/vulnerability-database/CVE-2023-7256

Severity Score

4.4

Weakness Type (CWE)

Double Free

CWE-415

Top Fix

Upgrade Version

Upgrade to version libpcap-1.10.5

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-7256

Good to know:

Date: August 30, 2024

Language: C

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?