CVE-2024-8006

NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support

Description

Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.

Remediation

Solution:

  • Upgrade to libpcap 1.10.5.

Workaround:

  • Do not build libpcap with remote packet capture support.

Category

4.4
CVSS
Severity: Medium
CVSS 3.1 •
EPSS 0.04%
Affected: The Tcpdump Group libpcap
Published at:
Updated at:

References

Link Tags
https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29 patch
https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6 patch

Frequently Asked Questions

What is the severity of CVE-2024-8006?
CVE-2024-8006 has been scored as a medium severity vulnerability.
How to fix CVE-2024-8006?
To fix CVE-2024-8006: Upgrade to libpcap 1.10.5.
Is CVE-2024-8006 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2024-8006 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-8006?
CVE-2024-8006 affects The Tcpdump Group libpcap.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.