Vulnerability Information
Vulnerability Title
tcpflow has TIM Element OOB Write in wifipcap
Vulnerability Description
tcpflow is a TCP/IP packet demultiplexer. In versions up to and including 1.61, wifipcap parses 802.11 management frame elements and performs a length check on the wrong field when handling the TIM element. A crafted frame with a large TIM length can cause a 1-byte out-of-bounds write past `tim.bitmap[251]`. The overflow is small, and DoS is the likely impact; code execution may be possible but is unconfirmed. The affected structure is stack-allocated in `handle_beacon()` and related handlers. As of the time of publication, no known patches are available.
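A bounds-checked TIM element parser, added here to illustrate the kind of length check the description says is applied to the wrong field; it is not tcpflow's code, and the struct layout, `parse_tim` and the macro names are assumptions. The 251-byte capacity is taken from the `tim.bitmap[251]` named above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TIM_ID         5    /* 802.11 element ID for TIM */
#define TIM_FIXED_LEN  3    /* DTIM count, DTIM period, bitmap control */
#define TIM_BITMAP_MAX 251  /* capacity, from the advisory's tim.bitmap[251] */

struct tim_elem {           /* hypothetical layout, not tcpflow's struct */
    uint8_t count, period, bitmap_control;
    uint8_t bitmap_len;
    uint8_t bitmap[TIM_BITMAP_MAX];
};

/* Parse a TIM element starting at its ID byte; avail = bytes captured.
 * Returns bytes consumed, or -1 if the element must be rejected. */
int parse_tim(const uint8_t *p, size_t avail, struct tim_elem *out)
{
    if (avail < 2 || p[0] != TIM_ID)
        return -1;
    size_t len = p[1];                    /* untrusted, taken from the frame */
    if (len > avail - 2)                  /* body must lie inside the capture */
        return -1;
    if (len <= TIM_FIXED_LEN)             /* no bitmap bytes: malformed */
        return -1;
    size_t bitmap_len = len - TIM_FIXED_LEN;
    if (bitmap_len > sizeof out->bitmap)  /* check the size actually copied */
        return -1;                        /* e.g. len 255 -> 252 bytes */
    out->count = p[2];
    out->period = p[3];
    out->bitmap_control = p[4];
    out->bitmap_len = (uint8_t)bitmap_len;
    memcpy(out->bitmap, p + 5, bitmap_len);
    return (int)(2 + len);
}

int main(void)
{
    /* Constructed sample elements, not taken from a real capture. */
    uint8_t ok[] = { TIM_ID, 4, 1, 2, 0, 0xAA };
    uint8_t oversized[257] = { TIM_ID, 255 };
    struct tim_elem t;
    printf("valid: %d\n", parse_tim(ok, sizeof ok, &t));
    printf("oversized: %d\n", parse_tim(oversized, sizeof oversized, &t));
    return 0;
}
```

The bound is applied to the derived bitmap length, the value that actually sizes the copy, rather than to the raw element length or another field.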
CVSS Information
N/A
Vulnerability Type
Out-of-bounds Write
Vulnerability Title
TCPFLOW Buffer Error Vulnerability
Vulnerability Description
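TCPFLOW is a TCP/IP packet demultiplexer developed by individual developer Simson L. Garfinkel. TCPFLOW versions 1.61 and earlier contain a buffer error vulnerability. The vulnerability stems from wifipcap performing a length check on the wrong field when handling the TIM element, which may lead to an out-of-bounds write and denial of service.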
CVSS Information
N/A
Vulnerability Type
N/A