Отправить #844479: PcapPlusPlus v25.05 Heap-based Buffer OverflowИнформация

НазваниеPcapPlusPlus v25.05 Heap-based Buffer Overflow
ОписаниеA heap-based buffer over-read vulnerability exists in PcapPlusPlus's bundled LightPcapNg parser within the parse_by_block_type function at light_pcapng.c:172. The flaw is caused by missing validation on the captured_packet_length value read directly from parsed PCAPNG file data. When processing a maliciously crafted PCAPNG file, the program calls memcpy() using the untrusted, uncontrolled length value without checking its validity against the actual allocated heap buffer size. This results in copying excessive bytes far beyond the heap buffer boundary, triggering a large out-of-bounds heap read and causing program crash. Remote attackers can exploit this vulnerability by supplying a specially crafted PCAPNG file to trigger heap memory corruption, leading to a denial-of-service (DoS) condition and potential sensitive memory information disclosure.
Источник⚠️ https://github.com/seladb/PcapPlusPlus/issues/2149
Пользователь
 TYGLS (UID 94774)
Представление01.06.2026 05:10 (1 месяц назад)
Модерация29.06.2026 06:25 (28 days later)
Статуспринято
Запись VulDB374590 [seladb PcapPlusPlus 25.05 LightPcapNg Parser light_pcapng.c parse_by_block_type captured_packet_length повреждение памяти]
Баллы20

Might our Artificial Intelligence support you?

Check our Alexa App!