[tcpdump-workers] Security vulnerability

Guy Harris guy at alum.mit.edu
Tue Apr 7 14:46:24 EDT 2015


On Apr 7, 2015, at 5:28 AM, "H R, Shashikumar" <shashikumar.h-r at hp.com> wrote:

> While through list vulnerability  ,  It is mentioned that libpcap suffers the from attack mentioned in below link .
> 
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4174

No, it is not mentioned there.  What that link says is:

> wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x

The file has "libpcap" in its name, but it is *not* part of libpcap.  Wireshark has its own code to read libpcap, a/k/a pcap, files, and the bug was in *that* code.  It's a Wireshark bug, not a libpcap bug.

The bug report for that appears to be

	https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753

and it has two test captures attached to it; libpcap does not crash with either of them.

> Is libpcap version 1.1.1 available on tcpdump.org  is vulnerable to this attack ?

No version of libpcap is vulnerable.

> if yes which version has the fix for the same.

There's no bug in libpcap, so there's no fix to be made.



More information about the tcpdump-workers mailing list