CVE-2018-14938

An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service).
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
VendorProductVersion
digitalcorporatcpflow
𝑥
≤ 1.4.5
digitalcorporatcpflow
1.5.0:alpha
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tcpflow
bullseye
1.5.2+repack1-1
fixed
jessie
no-dsa
bookworm
1.6.1-2
fixed
sid
1.6.1-3
fixed
trixie
1.6.1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
tcpflow
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
not-affected
cosmic
Fixed 1.4.5+repack1-4ubuntu0.18.10.1
released
bionic
Fixed 1.4.5+repack1-4ubuntu0.18.04.1
released
xenial
Fixed 1.4.5+repack1-1ubuntu0.1
released
trusty
Fixed 1.4.4+repack1-2ubuntu0.1~esm1
released
Common Weakness Enumeration
References
https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
https://github.com/simsong/tcpflow/issues/182
https://lists.debian.org/debian-lts-announce/2020/11/msg00046.html
https://usn.ubuntu.com/3955-1/
https://github.com/simsong/tcpflow/commit/a4e1cd14eb5ccc51ed271b65b3420f7d692c40eb
https://github.com/simsong/tcpflow/issues/182
https://lists.debian.org/debian-lts-announce/2020/11/msg00046.html
https://usn.ubuntu.com/3955-1/