| 제목 | PcapPlusPlus v25.05 Heap-based Buffer Overflow |
|---|
| 설명 | A heap-based buffer over-read vulnerability exists in PcapPlusPlus's bundled LightPcapNg parser within the parse_by_block_type function at light_pcapng.c:172. The flaw is caused by missing validation on the captured_packet_length value read directly from parsed PCAPNG file data. When processing a maliciously crafted PCAPNG file, the program calls memcpy() using the untrusted, uncontrolled length value without checking its validity against the actual allocated heap buffer size. This results in copying excessive bytes far beyond the heap buffer boundary, triggering a large out-of-bounds heap read and causing program crash. Remote attackers can exploit this vulnerability by supplying a specially crafted PCAPNG file to trigger heap memory corruption, leading to a denial-of-service (DoS) condition and potential sensitive memory information disclosure. |
|---|
| 원천 | ⚠️ https://github.com/seladb/PcapPlusPlus/issues/2149 |
|---|
| 사용자 | TYGLS (UID 94774) |
|---|
| 제출 | 2026. 06. 01. AM 05:10 (29 날 ago) |
|---|
| 모더레이션 | 2026. 06. 29. AM 06:25 (28 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 374590 [seladb PcapPlusPlus 25.05 LightPcapNg Parser light_pcapng.c parse_by_block_type captured_packet_length 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|