| शीर्षक | PcapPlusPlus v25.05 Heap-based Buffer Overflow |
|---|
| विवरण | A heap-based buffer over-read vulnerability exists in PcapPlusPlus's bundled LightPcapNg parser within the parse_by_block_type function at light_pcapng.c:172. The flaw is caused by missing validation on the captured_packet_length value read directly from parsed PCAPNG file data. When processing a maliciously crafted PCAPNG file, the program calls memcpy() using the untrusted, uncontrolled length value without checking its validity against the actual allocated heap buffer size. This results in copying excessive bytes far beyond the heap buffer boundary, triggering a large out-of-bounds heap read and causing program crash. Remote attackers can exploit this vulnerability by supplying a specially crafted PCAPNG file to trigger heap memory corruption, leading to a denial-of-service (DoS) condition and potential sensitive memory information disclosure. |
|---|
| स्रोत | ⚠️ https://github.com/seladb/PcapPlusPlus/issues/2149 |
|---|
| उपयोगकर्ता | TYGLS (UID 94774) |
|---|
| सबमिशन | 01/06/2026 05:10 AM (29 दिन पहले) |
|---|
| संयम | 29/06/2026 06:25 AM (28 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 374590 [seladb PcapPlusPlus 25.05 LightPcapNg Parser light_pcapng.c parse_by_block_type captured_packet_length बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|