VYPR

Libpcap

by Tcpdump

Source repositories

CVEs (9)

  • CVE-2011-1935CriOct 20, 2017
    risk 0.64cvss 9.8epss 0.04

    pcap-linux.c in libpcap 1.1.1 before commit ea9432fabdf4b33cbc76d9437200e028f1c47c93 when snaplen is set may truncate packets, which might allow remote attackers to send arbitrary data while avoiding detection via crafted packets.

  • CVE-2025-11964LowDec 31, 2025
    risk 0.05cvss 1.9epss 0.00

    On Windows only, if libpcap needs to convert a Windows error message to UTF-8 and the message includes characters that UTF-8 represents using 4 bytes, utf_16le_to_utf_8_truncated() can write data beyond the end of the provided buffer.

  • CVE-2025-11961LowDec 31, 2025
    risk 0.05cvss 1.9epss 0.00

    pcap_ether_aton() is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an…

  • CVE-2024-8006Aug 30, 2024
    risk 0.00cvss epss 0.00

    Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally…

  • CVE-2023-7256Aug 30, 2024
    risk 0.00cvss epss 0.00

    In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the…

  • CVE-2019-15165Oct 3, 2019
    risk 0.00cvss epss 0.03

    sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

  • CVE-2019-15164Oct 3, 2019
    risk 0.00cvss epss 0.03

    rpcapd/daemon.c in libpcap before 1.9.1 allows SSRF because a URL may be provided as a capture source.

  • CVE-2019-15162Oct 3, 2019
    risk 0.00cvss epss 0.02

    rpcapd/daemon.c in libpcap before 1.9.1 on non-Windows platforms provides details about why authentication failed, which might make it easier for attackers to enumerate valid usernames.

  • CVE-2019-15161Oct 3, 2019
    risk 0.00cvss epss 0.03

    rpcapd/daemon.c in libpcap before 1.9.1 mishandles certain length values because of reuse of a variable. This may open up an attack vector involving extra data at the end of a request.