Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.1
CVSSv3

CVE-2018-14938

Published: 05/08/2018 Updated: 29/11/2020
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 570
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P
Subscribe to Digitalcorpora

Vulnerability Summary

An issue exists in wifipcap/wifipcap.cpp in TCPFLOW up to and including 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

digitalcorpora tcpflow

digitalcorpora tcpflow 1.5.0

canonical ubuntu linux 18.04

canonical ubuntu linux 18.10

canonical ubuntu linux 16.04

Vendor Advisories

Debian CVElist Bug Report Logs: tcpflow: CVE-2018-14938: integer overflow vulnerability in wifipacp.cpp
Debian Bug report logs - #905483 tcpflow: CVE-2018-14938: integer overflow vulnerability in wifipacpcpp Package: src:tcpflow; Maintainer for src:tcpflow is Dima Kogan <dkogan@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 5 Aug 2018 09:30:01 UTC Severity: important Tags: fixed-upstrea ...
Ubuntu Security Notice: tcpflow vulnerabilities
tcpflow could be made to crash or expose sensitive information over the network if it opened a specially crafted file or received specially crafted network traffic ...

References

CWE-125CWE-190https://github.com/simsong/tcpflow/issues/182https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40ebhttps://usn.ubuntu.com/3955-1/https://lists.debian.org/debian-lts-announce/2020/11/msg00046.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905483https://usn.ubuntu.com/3955-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22460CVE-2024-4646CVE-2024-29212IMAPCVE-2023-36672CVE-2024-34547command injectionCVE-2024-4651stored XSS
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook