CVE-2023-7256
ADVISORY - nistSummary
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
EPSS Score: 0.00014 (0.021)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Double Free
ADVISORY - redhat
Double Free
NIST
CREATED
UPDATED
ADVISORY IDCVE-2023-7256
EXPLOITABILITY SCORE
0.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.4mediumAlpine
CREATED
UPDATED
ADVISORY IDCVE-2023-7256
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Debian
CREATED
UPDATED
ADVISORY IDCVE-2023-7256
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AlowUbuntu
CREATED
UPDATED
ADVISORY IDCVE-2023-7256
EXPLOITABILITY SCORE
0.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
4.4mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2023-7256
EXPLOITABILITY SCORE
0.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.4mediumPhoton
CREATED
UPDATED
ADVISORY ID
CVE-2023-7256
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-