On Apr 7, 2015, at 5:28 AM, "H R, Shashikumar" <shashikumar....@hp.com> wrote:
> While through list vulnerability , It is mentioned that libpcap suffers the > from attack mentioned in below link . > > https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4174 No, it is not mentioned there. What that link says is: > wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x The file has "libpcap" in its name, but it is *not* part of libpcap. Wireshark has its own code to read libpcap, a/k/a pcap, files, and the bug was in *that* code. It's a Wireshark bug, not a libpcap bug. The bug report for that appears to be https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9753 and it has two test captures attached to it; libpcap does not crash with either of them. > Is libpcap version 1.1.1 available on tcpdump.org is vulnerable to this > attack ? No version of libpcap is vulnerable. > if yes which version has the fix for the same. There's no bug in libpcap, so there's no fix to be made. _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
