OSV-2023-1306

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/pcapplusplus/OSV-2023-1306.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-1306

Published

2023-12-15T00:10:21.932370Z

Modified

2024-09-04T14:13:04.809642Z

Summary

Heap-use-after-free in pcpp::TLVRecordReader<pcpp::DhcpOption>::getTLVRecord

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65051

Crash type: Heap-use-after-free READ 1
Crash state:
pcpp::TLVRecordReader<pcpp::DhcpOption>::getTLVRecord
pcpp::DhcpLayer::toString
pcpp::Packet::toStringList

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65051

Affected packages

OSS-Fuzz / pcapplusplus

Package

Name: pcapplusplus
Purl: pkg:generic/pcapplusplus

Affected ranges

Type: GIT
Repo: https://github.com/seladb/PcapPlusPlus
Events: Introduced

813f15b87f5e76a62d64360f8cbdf449c21316e4

Affected versions

v24.*

v24.09

Ecosystem specific

{
    "severity": "HIGH"
}

Database specific

{
    "introduced_range": "3227ad11ec457c3dad062db548432d2a1c837d50:0c95dfb3557644acc6a10060e48cfae1a61fc2f0"
}