CVE-2018-14938
Published: 4 August 2018
An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
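The arithmetic behind that description, as an added C example (not TCPFLOW's code): subtracting the 144-byte Prism header length from a shorter caplen wraps an unsigned length, and a bounds check before the subtraction prevents it. The function names, the `size_t` length type and the 2-byte minimum for the 802.11 frame-control field are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PRISM_HDR_LEN 144u /* header length named in the CVE description */
#define DOT11_MIN_LEN 2u   /* assumption: room for the frame-control field */

/* Unchecked pattern: the length that would reach the 802.11 handler.
 * For caplen < 144 the unsigned subtraction wraps to a huge value. */
static size_t dot11_len_unchecked(size_t caplen) {
    return caplen - PRISM_HDR_LEN;
}

/* Hardened split (hypothetical helper): validate caplen first, then
 * compute the remainder. Returns 0 on success, -1 on a short capture. */
static int split_prism_checked(const uint8_t *pkt, size_t caplen,
                               const uint8_t **dot11, size_t *dot11_len) {
    if (pkt == NULL || caplen < PRISM_HDR_LEN)
        return -1;
    size_t rest = caplen - PRISM_HDR_LEN; /* cannot wrap after the check */
    if (rest < DOT11_MIN_LEN)
        return -1;
    *dot11 = pkt + PRISM_HDR_LEN;
    *dot11_len = rest;
    return 0;
}

/* Reads the little-endian frame-control field only from validated data. */
static int frame_control(const uint8_t *pkt, size_t caplen, uint16_t *fc) {
    const uint8_t *d;
    size_t n;
    if (split_prism_checked(pkt, caplen, &d, &n) != 0)
        return -1;
    *fc = (uint16_t)(d[0] | (d[1] << 8));
    return 0;
}

int main(void) {
    uint8_t pkt[146] = {0};           /* constructed sample capture */
    pkt[144] = 0x08; pkt[145] = 0x01; /* constructed frame-control bytes */
    uint16_t fc = 0;
    printf("unchecked length, caplen=100: %zu\n", dot11_len_unchecked(100));
    printf("checked, caplen=100: %d\n", frame_control(pkt, 100, &fc));
    int rc = frame_control(pkt, sizeof pkt, &fc);
    printf("checked, caplen=146: %d fc=0x%04x\n", rc, (unsigned)fc);
    return 0;
}
```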
From the Ubuntu Security Team
It was discovered that tcpflow mishandled certain crafted input, resulting in an integer overflow. An attacker could use this vulnerability to leak sensitive information or cause a denial of service (crash).
Priority
Status
Package | Release | Status |
---|---|---|
tcpflow | bionic | Released (1.4.5+repack1-4ubuntu0.18.04.1) |
tcpflow | cosmic | Released (1.4.5+repack1-4ubuntu0.18.10.1) |
tcpflow | disco | Not vulnerable (1.5.2+repack1-1) |
tcpflow | eoan | Not vulnerable (1.5.2+repack1-1) |
tcpflow | focal | Not vulnerable (1.5.2+repack1-1) |
tcpflow | groovy | Not vulnerable (1.5.2+repack1-1) |
tcpflow | hirsute | Not vulnerable (1.5.2+repack1-1) |
tcpflow | impish | Not vulnerable (1.5.2+repack1-1) |
tcpflow | jammy | Not vulnerable (1.5.2+repack1-1) |
tcpflow | trusty | Released (1.4.4+repack1-2ubuntu0.1~esm1); available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
tcpflow | upstream | Released (1.5.0+repack1-1) |
tcpflow | xenial | Released (1.4.5+repack1-1ubuntu0.1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |